@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Iam Projects Policy Binding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as time from "@pulumiverse/time"; * * const project = gcp.organizations.getProject({}); * const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", { * organization: "123456789", * location: "global", * displayName: "binding for all principals in the project", * principalAccessBoundaryPolicyId: "my-pab-policy", * }); * const wait60Seconds = new time.index.Sleep("wait_60_seconds", {createDuration: "60s"}, { * dependsOn: [pabPolicy], * }); * const binding_for_all_project_principals = new gcp.iam.ProjectsPolicyBinding("binding-for-all-project-principals", { * project: project.then(project => project.projectId), * location: "global", * displayName: "binding for all principals in the project", * policyKind: "PRINCIPAL_ACCESS_BOUNDARY", * policyBindingId: "binding-for-all-project-principals", * policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`, * target: { * principalSet: project.then(project => `//cloudresourcemanager.googleapis.com/projects/${project.projectId}`), * }, * }, { * dependsOn: [wait60Seconds], * }); * ``` * * ## Import * * ProjectsPolicyBinding can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}` * * * `{{project}}/{{location}}/{{policy_binding_id}}` * * * `{{location}}/{{policy_binding_id}}` * * When using the `pulumi import` command, ProjectsPolicyBinding can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}} * ``` * * ```sh * $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default {{project}}/{{location}}/{{policy_binding_id}} * ``` * * ```sh * $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default {{location}}/{{policy_binding_id}} * ``` */ export declare class ProjectsPolicyBinding extends pulumi.CustomResource { /** * Get an existing ProjectsPolicyBinding resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProjectsPolicyBindingState, opts?: pulumi.CustomResourceOptions): ProjectsPolicyBinding; /** * Returns true if the given object is an instance of ProjectsPolicyBinding. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ProjectsPolicyBinding; /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ readonly annotations: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ readonly condition: pulumi.Output<outputs.iam.ProjectsPolicyBindingCondition | undefined>; /** * Output only. The time when the policy binding was created. */ readonly createTime: pulumi.Output<string>; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ readonly displayName: pulumi.Output<string | undefined>; readonly effectiveAnnotations: pulumi.Output<{ [key: string]: string; }>; /** * Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. */ readonly etag: pulumi.Output<string>; /** * The location of the Policy Binding */ readonly location: pulumi.Output<string>; /** * The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}` */ readonly name: pulumi.Output<string>; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ readonly policy: pulumi.Output<string>; /** * The Policy Binding ID. */ readonly policyBindingId: pulumi.Output<string>; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ readonly policyKind: pulumi.Output<string | undefined>; /** * Output only. The globally unique ID of the policy to be bound. */ readonly policyUid: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ readonly target: pulumi.Output<outputs.iam.ProjectsPolicyBindingTarget>; /** * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. */ readonly uid: pulumi.Output<string>; /** * Output only. The time when the policy binding was most recently updated. */ readonly updateTime: pulumi.Output<string>; /** * Create a ProjectsPolicyBinding resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ProjectsPolicyBindingArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ProjectsPolicyBinding resources. */ export interface ProjectsPolicyBindingState { /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ condition?: pulumi.Input<inputs.iam.ProjectsPolicyBindingCondition>; /** * Output only. The time when the policy binding was created. */ createTime?: pulumi.Input<string>; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input<string>; effectiveAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. */ etag?: pulumi.Input<string>; /** * The location of the Policy Binding */ location?: pulumi.Input<string>; /** * The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}` */ name?: pulumi.Input<string>; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ policy?: pulumi.Input<string>; /** * The Policy Binding ID. */ policyBindingId?: pulumi.Input<string>; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ policyKind?: pulumi.Input<string>; /** * Output only. The globally unique ID of the policy to be bound. */ policyUid?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ target?: pulumi.Input<inputs.iam.ProjectsPolicyBindingTarget>; /** * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. */ uid?: pulumi.Input<string>; /** * Output only. The time when the policy binding was most recently updated. */ updateTime?: pulumi.Input<string>; } /** * The set of arguments for constructing a ProjectsPolicyBinding resource. */ export interface ProjectsPolicyBindingArgs { /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ condition?: pulumi.Input<inputs.iam.ProjectsPolicyBindingCondition>; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input<string>; /** * The location of the Policy Binding */ location: pulumi.Input<string>; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ policy: pulumi.Input<string>; /** * The Policy Binding ID. */ policyBindingId: pulumi.Input<string>; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ policyKind?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ target: pulumi.Input<inputs.iam.ProjectsPolicyBindingTarget>; }