Documentation
¶
Index ¶
- type GetOrganizationPolicyArgs
- type GetOrganizationPolicyResult
- type IAMBinding
- type IAMBindingArgs
- type IAMBindingState
- type IAMMember
- type IAMMemberArgs
- type IAMMemberState
- type IAMPolicy
- type IAMPolicyArgs
- type IAMPolicyState
- type OrganizationPolicy
- func (r *OrganizationPolicy) BooleanPolicy() *pulumi.Output
- func (r *OrganizationPolicy) Constraint() *pulumi.StringOutput
- func (r *OrganizationPolicy) Etag() *pulumi.StringOutput
- func (r *OrganizationPolicy) Folder() *pulumi.StringOutput
- func (r *OrganizationPolicy) ID() *pulumi.IDOutput
- func (r *OrganizationPolicy) ListPolicy() *pulumi.Output
- func (r *OrganizationPolicy) RestorePolicy() *pulumi.Output
- func (r *OrganizationPolicy) URN() *pulumi.URNOutput
- func (r *OrganizationPolicy) UpdateTime() *pulumi.StringOutput
- func (r *OrganizationPolicy) Version() *pulumi.IntOutput
- type OrganizationPolicyArgs
- type OrganizationPolicyState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GetOrganizationPolicyArgs ¶ added in v0.18.1
type GetOrganizationPolicyArgs struct {
// (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
Constraint interface{}
// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
Folder interface{}
}
A collection of arguments for invoking getOrganizationPolicy.
type GetOrganizationPolicyResult ¶ added in v0.18.1
type GetOrganizationPolicyResult struct {
BooleanPolicies interface{}
Etag interface{}
ListPolicies interface{}
RestorePolicies interface{}
UpdateTime interface{}
Version interface{}
// id is the provider-assigned unique ID for this managed resource.
Id interface{}
}
A collection of values returned by getOrganizationPolicy.
func LookupOrganizationPolicy ¶ added in v0.18.1
func LookupOrganizationPolicy(ctx *pulumi.Context, args *GetOrganizationPolicyArgs) (*GetOrganizationPolicyResult, error)
Allows management of Organization policies for a Google Folder. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
type IAMBinding ¶
type IAMBinding struct {
// contains filtered or unexported fields
}
Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform folder.
> **Note:** This resource _must not_ be used in conjunction with
`google_folder_iam_policy` or they will fight over what your policy should be.
> **Note:** On create, this resource will overwrite members of any existing roles.
Use `terraform import` and inspect the `terraform plan` output to ensure your existing members are preserved.
func GetIAMBinding ¶
func GetIAMBinding(ctx *pulumi.Context, name string, id pulumi.ID, state *IAMBindingState, opts ...pulumi.ResourceOpt) (*IAMBinding, error)
GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMBinding ¶
func NewIAMBinding(ctx *pulumi.Context, name string, args *IAMBindingArgs, opts ...pulumi.ResourceOpt) (*IAMBinding, error)
NewIAMBinding registers a new resource with the given unique name, arguments, and options.
func (*IAMBinding) Etag ¶
func (r *IAMBinding) Etag() *pulumi.StringOutput
(Computed) The etag of the folder's IAM policy.
func (*IAMBinding) Folder ¶
func (r *IAMBinding) Folder() *pulumi.StringOutput
The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
func (*IAMBinding) ID ¶
func (r *IAMBinding) ID() *pulumi.IDOutput
ID is this resource's unique identifier assigned by its provider.
func (*IAMBinding) Members ¶
func (r *IAMBinding) Members() *pulumi.ArrayOutput
An array of identites that will be granted the privilege in the `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
func (*IAMBinding) Role ¶
func (r *IAMBinding) Role() *pulumi.StringOutput
The role that should be applied. Only one `google_folder_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (*IAMBinding) URN ¶
func (r *IAMBinding) URN() *pulumi.URNOutput
URN is this resource's unique name assigned by Pulumi.
type IAMBindingArgs ¶
type IAMBindingArgs struct {
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// An array of identites that will be granted the privilege in the `role`.
// Each entry can have one of the following values:
// * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
// * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
Members interface{}
// The role that should be applied. Only one
// `google_folder_iam_binding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role interface{}
}
The set of arguments for constructing a IAMBinding resource.
type IAMBindingState ¶
type IAMBindingState struct {
// (Computed) The etag of the folder's IAM policy.
Etag interface{}
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// An array of identites that will be granted the privilege in the `role`.
// Each entry can have one of the following values:
// * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
// * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
Members interface{}
// The role that should be applied. Only one
// `google_folder_iam_binding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role interface{}
}
Input properties used for looking up and filtering IAMBinding resources.
type IAMMember ¶
type IAMMember struct {
// contains filtered or unexported fields
}
Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform folder.
> **Note:** This resource _must not_ be used in conjunction with
`google_folder_iam_policy` or they will fight over what your policy should be. Similarly, roles controlled by `google_folder_iam_binding` should not be assigned to using `google_folder_iam_member`.
func GetIAMMember ¶
func GetIAMMember(ctx *pulumi.Context, name string, id pulumi.ID, state *IAMMemberState, opts ...pulumi.ResourceOpt) (*IAMMember, error)
GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMMember ¶
func NewIAMMember(ctx *pulumi.Context, name string, args *IAMMemberArgs, opts ...pulumi.ResourceOpt) (*IAMMember, error)
NewIAMMember registers a new resource with the given unique name, arguments, and options.
func (*IAMMember) Etag ¶
func (r *IAMMember) Etag() *pulumi.StringOutput
(Computed) The etag of the folder's IAM policy.
func (*IAMMember) Folder ¶
func (r *IAMMember) Folder() *pulumi.StringOutput
The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
func (*IAMMember) Member ¶
func (r *IAMMember) Member() *pulumi.StringOutput
The identity that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding This field can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
func (*IAMMember) Role ¶
func (r *IAMMember) Role() *pulumi.StringOutput
The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
type IAMMemberArgs ¶
type IAMMemberArgs struct {
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// The identity that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
// This field can have one of the following values:
// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Member interface{}
// The role that should be applied. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role interface{}
}
The set of arguments for constructing a IAMMember resource.
type IAMMemberState ¶
type IAMMemberState struct {
// (Computed) The etag of the folder's IAM policy.
Etag interface{}
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// The identity that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
// This field can have one of the following values:
// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Member interface{}
// The role that should be applied. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role interface{}
}
Input properties used for looking up and filtering IAMMember resources.
type IAMPolicy ¶
type IAMPolicy struct {
// contains filtered or unexported fields
}
Allows creation and management of the IAM policy for an existing Google Cloud Platform folder.
func GetIAMPolicy ¶
func GetIAMPolicy(ctx *pulumi.Context, name string, id pulumi.ID, state *IAMPolicyState, opts ...pulumi.ResourceOpt) (*IAMPolicy, error)
GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMPolicy ¶
func NewIAMPolicy(ctx *pulumi.Context, name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOpt) (*IAMPolicy, error)
NewIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (*IAMPolicy) Etag ¶
func (r *IAMPolicy) Etag() *pulumi.StringOutput
(Computed) The etag of the folder's IAM policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
func (*IAMPolicy) Folder ¶
func (r *IAMPolicy) Folder() *pulumi.StringOutput
The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
func (*IAMPolicy) PolicyData ¶
func (r *IAMPolicy) PolicyData() *pulumi.StringOutput
The `google_iam_policy` data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.
type IAMPolicyArgs ¶
type IAMPolicyArgs struct {
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// The `google_iam_policy` data source that represents
// the IAM policy that will be applied to the folder. This policy overrides any existing
// policy applied to the folder.
PolicyData interface{}
}
The set of arguments for constructing a IAMPolicy resource.
type IAMPolicyState ¶
type IAMPolicyState struct {
// (Computed) The etag of the folder's IAM policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
Etag interface{}
// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
Folder interface{}
// The `google_iam_policy` data source that represents
// the IAM policy that will be applied to the folder. This policy overrides any existing
// policy applied to the folder.
PolicyData interface{}
}
Input properties used for looking up and filtering IAMPolicy resources.
type OrganizationPolicy ¶
type OrganizationPolicy struct {
// contains filtered or unexported fields
}
Allows management of Organization policies for a Google Folder. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview) and [API](https://cloud.google.com/resource-manager/reference/rest/v1/folders/setOrgPolicy).
func GetOrganizationPolicy ¶
func GetOrganizationPolicy(ctx *pulumi.Context, name string, id pulumi.ID, state *OrganizationPolicyState, opts ...pulumi.ResourceOpt) (*OrganizationPolicy, error)
GetOrganizationPolicy gets an existing OrganizationPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOrganizationPolicy ¶
func NewOrganizationPolicy(ctx *pulumi.Context, name string, args *OrganizationPolicyArgs, opts ...pulumi.ResourceOpt) (*OrganizationPolicy, error)
NewOrganizationPolicy registers a new resource with the given unique name, arguments, and options.
func (*OrganizationPolicy) BooleanPolicy ¶
func (r *OrganizationPolicy) BooleanPolicy() *pulumi.Output
A boolean policy is a constraint that is either enforced or not. Structure is documented below.
func (*OrganizationPolicy) Constraint ¶
func (r *OrganizationPolicy) Constraint() *pulumi.StringOutput
The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
func (*OrganizationPolicy) Etag ¶
func (r *OrganizationPolicy) Etag() *pulumi.StringOutput
(Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
func (*OrganizationPolicy) Folder ¶
func (r *OrganizationPolicy) Folder() *pulumi.StringOutput
The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
func (*OrganizationPolicy) ID ¶
func (r *OrganizationPolicy) ID() *pulumi.IDOutput
ID is this resource's unique identifier assigned by its provider.
func (*OrganizationPolicy) ListPolicy ¶
func (r *OrganizationPolicy) ListPolicy() *pulumi.Output
A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
func (*OrganizationPolicy) RestorePolicy ¶ added in v0.15.0
func (r *OrganizationPolicy) RestorePolicy() *pulumi.Output
A restore policy is a constraint to restore the default policy. Structure is documented below.
func (*OrganizationPolicy) URN ¶
func (r *OrganizationPolicy) URN() *pulumi.URNOutput
URN is this resource's unique name assigned by Pulumi.
func (*OrganizationPolicy) UpdateTime ¶
func (r *OrganizationPolicy) UpdateTime() *pulumi.StringOutput
(Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
func (*OrganizationPolicy) Version ¶
func (r *OrganizationPolicy) Version() *pulumi.IntOutput
Version of the Policy. Default version is 0.
type OrganizationPolicyArgs ¶
type OrganizationPolicyArgs struct {
// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
BooleanPolicy interface{}
// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
Constraint interface{}
// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
Folder interface{}
// A policy that can define specific values that are allowed or denied for the given constraint. It
// can also be used to allow or deny all values. Structure is documented below.
ListPolicy interface{}
// A restore policy is a constraint to restore the default policy. Structure is documented below.
RestorePolicy interface{}
// Version of the Policy. Default version is 0.
Version interface{}
}
The set of arguments for constructing a OrganizationPolicy resource.
type OrganizationPolicyState ¶
type OrganizationPolicyState struct {
// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
BooleanPolicy interface{}
// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
Constraint interface{}
// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
Etag interface{}
// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
Folder interface{}
// A policy that can define specific values that are allowed or denied for the given constraint. It
// can also be used to allow or deny all values. Structure is documented below.
ListPolicy interface{}
// A restore policy is a constraint to restore the default policy. Structure is documented below.
RestorePolicy interface{}
// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
UpdateTime interface{}
// Version of the Policy. Default version is 0.
Version interface{}
}
Input properties used for looking up and filtering OrganizationPolicy resources.
Source Files