UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi/pulumi-gcp

240 lines • 10.2 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ApiConfigIamMember = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case: * * * `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached. * * `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved. * * `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved. * * A data source can be used to retrieve policy data in advent you do not need creation * * * `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig * * > **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be. * * > **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role. * * ## gcp.apigateway.ApiConfigIamPolicy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const admin = gcp.organizations.getIAMPolicy({ * bindings: [{ * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }], * }); * const policy = new gcp.apigateway.ApiConfigIamPolicy("policy", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * policyData: admin.then(admin => admin.policyData), * }); * ``` * * ## gcp.apigateway.ApiConfigIamBinding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const binding = new gcp.apigateway.ApiConfigIamBinding("binding", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }); * ``` * * ## gcp.apigateway.ApiConfigIamMember * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const member = new gcp.apigateway.ApiConfigIamMember("member", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * role: "roles/apigateway.viewer", * member: "user:jane@example.com", * }); * ``` * * ## This resource supports User Project Overrides. * * - * * # IAM policy for API Gateway ApiConfig * * Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case: * * * `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached. * * `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved. * * `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved. * * A data source can be used to retrieve policy data in advent you do not need creation * * * `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig * * > **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be. * * > **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role. * * ## gcp.apigateway.ApiConfigIamPolicy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const admin = gcp.organizations.getIAMPolicy({ * bindings: [{ * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }], * }); * const policy = new gcp.apigateway.ApiConfigIamPolicy("policy", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * policyData: admin.then(admin => admin.policyData), * }); * ``` * * ## gcp.apigateway.ApiConfigIamBinding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const binding = new gcp.apigateway.ApiConfigIamBinding("binding", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * role: "roles/apigateway.viewer", * members: ["user:jane@example.com"], * }); * ``` * * ## gcp.apigateway.ApiConfigIamMember * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const member = new gcp.apigateway.ApiConfigIamMember("member", { * api: apiCfg.api, * apiConfig: apiCfg.apiConfigId, * role: "roles/apigateway.viewer", * member: "user:jane@example.com", * }); * ``` * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: * * * projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} * * * {{project}}/{{api}}/{{api_config}} * * * {{api}}/{{api_config}} * * * {{api_config}} * * Any variables not passed in the import command will be taken from the provider configuration. * * API Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member. * * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. * * ```sh * $ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor "projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com" * ``` * * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. * * ```sh * $ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor "projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer" * ``` * * IAM policy imports use the identifier of the resource in question, e.g. * * ```sh * $ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} * ``` * * -> **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the * * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. */ class ApiConfigIamMember extends pulumi.CustomResource { /** * Get an existing ApiConfigIamMember resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new ApiConfigIamMember(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of ApiConfigIamMember. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ApiConfigIamMember.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["api"] = state?.api; resourceInputs["apiConfig"] = state?.apiConfig; resourceInputs["condition"] = state?.condition; resourceInputs["etag"] = state?.etag; resourceInputs["member"] = state?.member; resourceInputs["project"] = state?.project; resourceInputs["role"] = state?.role; } else { const args = argsOrState; if (args?.api === undefined && !opts.urn) { throw new Error("Missing required property 'api'"); } if (args?.apiConfig === undefined && !opts.urn) { throw new Error("Missing required property 'apiConfig'"); } if (args?.member === undefined && !opts.urn) { throw new Error("Missing required property 'member'"); } if (args?.role === undefined && !opts.urn) { throw new Error("Missing required property 'role'"); } resourceInputs["api"] = args?.api; resourceInputs["apiConfig"] = args?.apiConfig; resourceInputs["condition"] = args?.condition; resourceInputs["member"] = args?.member; resourceInputs["project"] = args?.project; resourceInputs["role"] = args?.role; resourceInputs["etag"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ApiConfigIamMember.__pulumiType, name, resourceInputs, opts); } } exports.ApiConfigIamMember = ApiConfigIamMember; /** @internal */ ApiConfigIamMember.__pulumiType = 'gcp:apigateway/apiConfigIamMember:ApiConfigIamMember'; //# sourceMappingURL=apiConfigIamMember.js.map