Class AttestorIamMember
Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:
gcp.binaryauthorization.AttestorIamPolicy: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.gcp.binaryauthorization.AttestorIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.gcp.binaryauthorization.AttestorIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.
Note:
gcp.binaryauthorization.AttestorIamPolicycannot be used in conjunction withgcp.binaryauthorization.AttestorIamBindingandgcp.binaryauthorization.AttestorIamMemberor they will fight over what your policy should be.
Note:
gcp.binaryauthorization.AttestorIamBindingresources can be used in conjunction withgcp.binaryauthorization.AttestorIamMemberresources only if they do not grant privilege to the same role.
google_binary_authorization_attestor_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/viewer" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new Gcp.BinaryAuthorization.AttestorIamPolicyArgs
{
Project = google_binary_authorization_attestor.Attestor.Project,
Attestor = google_binary_authorization_attestor.Attestor.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_binary_authorization_attestor_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new Gcp.BinaryAuthorization.AttestorIamBindingArgs
{
Project = google_binary_authorization_attestor.Attestor.Project,
Attestor = google_binary_authorization_attestor.Attestor.Name,
Role = "roles/viewer",
Members =
{
"user:jane@example.com",
},
});
}
}
google_binary_authorization_attestor_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new Gcp.BinaryAuthorization.AttestorIamMemberArgs
{
Project = google_binary_authorization_attestor.Attestor.Project,
Attestor = google_binary_authorization_attestor.Attestor.Name,
Role = "roles/viewer",
Member = "user:jane@example.com",
});
}
}
Inherited Members
Namespace: Pulumi.Gcp.BinaryAuthorization
Assembly: Pulumi.Gcp.dll
Syntax
public class AttestorIamMember : CustomResourceConstructors
View SourceAttestorIamMember(String, AttestorIamMemberArgs, CustomResourceOptions)
Create a AttestorIamMember resource with the given unique name, arguments, and options.
Declaration
public AttestorIamMember(string name, AttestorIamMemberArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| AttestorIamMemberArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceAttestor
Used to find the parent resource to bind the IAM policy to
Declaration
public Output<string> Attestor { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Condition
Declaration
public Output<AttestorIamMemberCondition> Condition { get; }Property Value
| Type | Description |
|---|---|
| Output<AttestorIamMemberCondition> |
Etag
(Computed) The etag of the IAM policy.
Declaration
public Output<string> Etag { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Member
Declaration
public Output<string> Member { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Project
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Declaration
public Output<string> Project { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Role
The role that should be applied. Only one
gcp.binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format
[projects|organizations]/{parent-name}/roles/{role-name}.
Declaration
public Output<string> Role { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, AttestorIamMemberState, CustomResourceOptions)
Get an existing AttestorIamMember resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static AttestorIamMember Get(string name, Input<string> id, AttestorIamMemberState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| AttestorIamMemberState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| AttestorIamMember |