Class ClusterIAMMember

Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:

  • gcp.dataproc.ClusterIAMPolicy: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.
  • gcp.dataproc.ClusterIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.
  • gcp.dataproc.ClusterIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.

Note: gcp.dataproc.ClusterIAMPolicy cannot be used in conjunction with gcp.dataproc.ClusterIAMBinding and gcp.dataproc.ClusterIAMMember or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as gcp.dataproc.ClusterIAMPolicy replaces the entire policy.

Note: gcp.dataproc.ClusterIAMBinding resources can be used in conjunction with gcp.dataproc.ClusterIAMMember resources only if they do not grant privilege to the same role.

google_pubsub_subscription_iam_policy

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
    {
        Binding = 
        {

            {
                { "role", "roles/editor" },
                { "members", 
                {
                    "user:jane@example.com",
                } },
            },
        },
    }));
    var editor = new Gcp.Dataproc.ClusterIAMPolicy("editor", new Gcp.Dataproc.ClusterIAMPolicyArgs
    {
        Project = "your-project",
        Region = "your-region",
        Cluster = "your-dataproc-cluster",
        PolicyData = admin.Apply(admin => admin.PolicyData),
    });
}

}

google_pubsub_subscription_iam_binding

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var editor = new Gcp.Dataproc.ClusterIAMBinding("editor", new Gcp.Dataproc.ClusterIAMBindingArgs
    {
        Cluster = "your-dataproc-cluster",
        Members = 
        {
            "user:jane@example.com",
        },
        Role = "roles/editor",
    });
}

}

google_pubsub_subscription_iam_member

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var editor = new Gcp.Dataproc.ClusterIAMMember("editor", new Gcp.Dataproc.ClusterIAMMemberArgs
    {
        Cluster = "your-dataproc-cluster",
        Member = "user:jane@example.com",
        Role = "roles/editor",
    });
}

}
Inheritance
System.Object
Resource
CustomResource
ClusterIAMMember
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Gcp.Dataproc
Assembly: Pulumi.Gcp.dll
Syntax
public class ClusterIAMMember : CustomResource

Constructors

View Source

ClusterIAMMember(String, ClusterIAMMemberArgs, CustomResourceOptions)

Create a ClusterIAMMember resource with the given unique name, arguments, and options.

Declaration
public ClusterIAMMember(string name, ClusterIAMMemberArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
ClusterIAMMemberArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

Cluster

The name or relative resource id of the cluster to manage IAM policies for.

Declaration
public Output<string> Cluster { get; }
Property Value
Type Description
Output<System.String>
View Source

Condition

Declaration
public Output<ClusterIAMMemberCondition> Condition { get; }
Property Value
Type Description
Output<ClusterIAMMemberCondition>
View Source

Etag

(Computed) The etag of the clusters's IAM policy.

Declaration
public Output<string> Etag { get; }
Property Value
Type Description
Output<System.String>
View Source

Member

Declaration
public Output<string> Member { get; }
Property Value
Type Description
Output<System.String>
View Source

Project

The project in which the cluster belongs. If it is not provided, the provider will use a default.

Declaration
public Output<string> Project { get; }
Property Value
Type Description
Output<System.String>
View Source

Region

The region in which the cluster belongs. If it is not provided, the provider will use a default.

Declaration
public Output<string> Region { get; }
Property Value
Type Description
Output<System.String>
View Source

Role

The role that should be applied. Only one gcp.dataproc.ClusterIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Declaration
public Output<string> Role { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, ClusterIAMMemberState, CustomResourceOptions)

Get an existing ClusterIAMMember resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static ClusterIAMMember Get(string name, Input<string> id, ClusterIAMMemberState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
ClusterIAMMemberState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
ClusterIAMMember