UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

126 lines 5.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.IAMCustomRole = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Allows management of a customized Cloud IAM project role. For more information see * [the official documentation](https://cloud.google.com/iam/docs/understanding-custom-roles) * and * [API](https://cloud.google.com/iam/reference/rest/v1/projects.roles). * * > **Warning:** Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise * from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the * same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted * after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is * made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all * by the provider, and new roles cannot share that name. * * ## Example Usage * * This snippet creates a customized IAM role. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const my_custom_role = new gcp.projects.IAMCustomRole("my-custom-role", { * roleId: "myCustomRole", * title: "My Custom Role", * description: "A description", * permissions: [ * "iam.roles.list", * "iam.roles.create", * "iam.roles.delete", * ], * }); * ``` * * ## Import * * Custom Roles can be imported using any of these accepted formats: * * * `projects/{{project}}/roles/{{role_id}}` * * * `{{project}}/{{role_id}}` * * * `{{role_id}}` * * When using the `pulumi import` command, Custom Roles can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default projects/{{project}}/roles/{{role_id}} * ``` * * ```sh * $ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{project}}/{{role_id}} * ``` * * ```sh * $ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{role_id}} * ``` */ class IAMCustomRole extends pulumi.CustomResource { /** * Get an existing IAMCustomRole resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new IAMCustomRole(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of IAMCustomRole. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === IAMCustomRole.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["deleted"] = state ? state.deleted : undefined; resourceInputs["description"] = state ? state.description : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["permissions"] = state ? state.permissions : undefined; resourceInputs["project"] = state ? state.project : undefined; resourceInputs["roleId"] = state ? state.roleId : undefined; resourceInputs["stage"] = state ? state.stage : undefined; resourceInputs["title"] = state ? state.title : undefined; } else { const args = argsOrState; if ((!args || args.permissions === undefined) && !opts.urn) { throw new Error("Missing required property 'permissions'"); } if ((!args || args.title === undefined) && !opts.urn) { throw new Error("Missing required property 'title'"); } resourceInputs["description"] = args ? args.description : undefined; resourceInputs["permissions"] = args ? args.permissions : undefined; resourceInputs["project"] = args ? args.project : undefined; resourceInputs["roleId"] = args ? args.roleId : undefined; resourceInputs["stage"] = args ? args.stage : undefined; resourceInputs["title"] = args ? args.title : undefined; resourceInputs["deleted"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(IAMCustomRole.__pulumiType, name, resourceInputs, opts); } } exports.IAMCustomRole = IAMCustomRole; /** @internal */ IAMCustomRole.__pulumiType = 'gcp:projects/iAMCustomRole:IAMCustomRole'; //# sourceMappingURL=iamcustomRole.js.map