UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

242 lines • 10.4 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.GatewayIamBinding = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case: * * * `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached. * * `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved. * * `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved. * * A data source can be used to retrieve policy data in advent you do not need creation * * * `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway * * > **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be. * * > **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role. * * ## google\_api\_gateway\_gateway\_iam\_policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const admin = gcp.organizations.getIAMPolicy({ * bindings: [{ * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }], * }); * const policy = new gcp.apigateway.GatewayIamPolicy("policy", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * policyData: admin.then(admin => admin.policyData), * }); * ``` * * ## gcp.apigateway.GatewayIamBinding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const binding = new gcp.apigateway.GatewayIamBinding("binding", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }); * ``` * * ## gcp.apigateway.GatewayIamMember * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const member = new gcp.apigateway.GatewayIamMember("member", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * role: "roles/apigateway.viewer", * member: "user:jane@example.com", * }); * ``` * * ## This resource supports User Project Overrides. * * - * * # IAM policy for API Gateway Gateway * Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case: * * * `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached. * * `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved. * * `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved. * * A data source can be used to retrieve policy data in advent you do not need creation * * * `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway * * > **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be. * * > **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role. * * ## google\_api\_gateway\_gateway\_iam\_policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const admin = gcp.organizations.getIAMPolicy({ * bindings: [{ * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }], * }); * const policy = new gcp.apigateway.GatewayIamPolicy("policy", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * policyData: admin.then(admin => admin.policyData), * }); * ``` * * ## gcp.apigateway.GatewayIamBinding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const binding = new gcp.apigateway.GatewayIamBinding("binding", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }); * ``` * * ## gcp.apigateway.GatewayIamMember * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const member = new gcp.apigateway.GatewayIamMember("member", { * project: apiGw.project, * region: apiGw.region, * gateway: apiGw.gatewayId, * role: "roles/apigateway.viewer", * member: "user:jane@example.com", * }); * ``` * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: * * * projects/{{project}}/locations/{{region}}/gateways/{{gateway}} * * * {{project}}/{{region}}/{{gateway}} * * * {{region}}/{{gateway}} * * * {{gateway}} * * Any variables not passed in the import command will be taken from the provider configuration. * * API Gateway gateway IAM resources can be imported using the resource identifiers, role, and member. * * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. * * ```sh * $ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor "projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com" * ``` * * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. * * ```sh * $ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor "projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer" * ``` * * IAM policy imports use the identifier of the resource in question, e.g. * * ```sh * $ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}} * ``` * * -> **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the * * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. */ class GatewayIamBinding extends pulumi.CustomResource { /** * Get an existing GatewayIamBinding resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new GatewayIamBinding(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of GatewayIamBinding. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === GatewayIamBinding.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["condition"] = state ? state.condition : undefined; resourceInputs["etag"] = state ? state.etag : undefined; resourceInputs["gateway"] = state ? state.gateway : undefined; resourceInputs["members"] = state ? state.members : undefined; resourceInputs["project"] = state ? state.project : undefined; resourceInputs["region"] = state ? state.region : undefined; resourceInputs["role"] = state ? state.role : undefined; } else { const args = argsOrState; if ((!args || args.gateway === undefined) && !opts.urn) { throw new Error("Missing required property 'gateway'"); } if ((!args || args.members === undefined) && !opts.urn) { throw new Error("Missing required property 'members'"); } if ((!args || args.role === undefined) && !opts.urn) { throw new Error("Missing required property 'role'"); } resourceInputs["condition"] = args ? args.condition : undefined; resourceInputs["gateway"] = args ? args.gateway : undefined; resourceInputs["members"] = args ? args.members : undefined; resourceInputs["project"] = args ? args.project : undefined; resourceInputs["region"] = args ? args.region : undefined; resourceInputs["role"] = args ? args.role : undefined; resourceInputs["etag"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(GatewayIamBinding.__pulumiType, name, resourceInputs, opts); } } exports.GatewayIamBinding = GatewayIamBinding; /** @internal */ GatewayIamBinding.__pulumiType = 'gcp:apigateway/gatewayIamBinding:GatewayIamBinding'; //# sourceMappingURL=gatewayIamBinding.js.map