Namespace Pulumi.Gcp.Iap
Classes
AppEngineServiceIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
Note:
gcp.iap.AppEngineServiceIamPolicycannot be used in conjunction withgcp.iap.AppEngineServiceIamBindingandgcp.iap.AppEngineServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineServiceIamBindingresources can be used in conjunction withgcp.iap.AppEngineServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
google_iap_app_engine_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
AppEngineServiceIamBindingArgs
AppEngineServiceIamBindingState
AppEngineServiceIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
Note:
gcp.iap.AppEngineServiceIamPolicycannot be used in conjunction withgcp.iap.AppEngineServiceIamBindingandgcp.iap.AppEngineServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineServiceIamBindingresources can be used in conjunction withgcp.iap.AppEngineServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
google_iap_app_engine_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
AppEngineServiceIamMemberArgs
AppEngineServiceIamMemberState
AppEngineServiceIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
Note:
gcp.iap.AppEngineServiceIamPolicycannot be used in conjunction withgcp.iap.AppEngineServiceIamBindingandgcp.iap.AppEngineServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineServiceIamBindingresources can be used in conjunction withgcp.iap.AppEngineServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new Gcp.Iap.AppEngineServiceIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new Gcp.Iap.AppEngineServiceIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
google_iap_app_engine_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineServiceIamMember("member", new Gcp.Iap.AppEngineServiceIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
});
}
}
AppEngineServiceIamPolicyArgs
AppEngineServiceIamPolicyState
AppEngineVersionIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
Note:
gcp.iap.AppEngineVersionIamPolicycannot be used in conjunction withgcp.iap.AppEngineVersionIamBindingandgcp.iap.AppEngineVersionIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineVersionIamBindingresources can be used in conjunction withgcp.iap.AppEngineVersionIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_version_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_version_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
google_iap_app_engine_version_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
AppEngineVersionIamBindingArgs
AppEngineVersionIamBindingState
AppEngineVersionIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
Note:
gcp.iap.AppEngineVersionIamPolicycannot be used in conjunction withgcp.iap.AppEngineVersionIamBindingandgcp.iap.AppEngineVersionIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineVersionIamBindingresources can be used in conjunction withgcp.iap.AppEngineVersionIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_version_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_version_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
google_iap_app_engine_version_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
AppEngineVersionIamMemberArgs
AppEngineVersionIamMemberState
AppEngineVersionIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
Note:
gcp.iap.AppEngineVersionIamPolicycannot be used in conjunction withgcp.iap.AppEngineVersionIamBindingandgcp.iap.AppEngineVersionIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.AppEngineVersionIamBindingresources can be used in conjunction withgcp.iap.AppEngineVersionIamMemberresources only if they do not grant privilege to the same role.
google_iap_app_engine_version_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new Gcp.Iap.AppEngineVersionIamPolicyArgs
{
Project = google_app_engine_standard_app_version.Version.Project,
AppId = google_app_engine_standard_app_version.Version.Project,
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_app_engine_version_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new Gcp.Iap.AppEngineVersionIamBindingArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Members =
{
"user:jane@example.com",
},
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
google_iap_app_engine_version_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.AppEngineVersionIamMember("member", new Gcp.Iap.AppEngineVersionIamMemberArgs
{
AppId = google_app_engine_standard_app_version.Version.Project,
Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs
{
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
Title = "expires_after_2019_12_31",
},
Member = "user:jane@example.com",
Project = google_app_engine_standard_app_version.Version.Project,
Role = "roles/iap.httpsResourceAccessor",
Service = google_app_engine_standard_app_version.Version.Service,
VersionId = google_app_engine_standard_app_version.Version.Version_id,
});
}
}
AppEngineVersionIamPolicyArgs
AppEngineVersionIamPolicyState
Brand
OAuth brand data. Only "Organization Internal" brands can be created programatically via API. To convert it into an external brands please use the GCP Console.
Note: Brands can be created only once for a Google Cloud Platform project and cannot be deleted. Destroying a provider-managed Brand will remove it from state but will not delete the resource on the server.
BrandArgs
BrandState
Client
Contains the data that describes an Identity Aware Proxy owned client.
Warning: All arguments including
secretwill be stored in the raw state as plain-text. Read more about secrets in state.
ClientArgs
ClientState
TunnelInstanceIAMBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
Note:
gcp.iap.TunnelInstanceIAMPolicycannot be used in conjunction withgcp.iap.TunnelInstanceIAMBindingandgcp.iap.TunnelInstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.iap.TunnelInstanceIAMBindingresources can be used in conjunction withgcp.iap.TunnelInstanceIAMMemberresources only if they do not grant privilege to the same role.
google_iap_tunnel_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_tunnel_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_tunnel_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
TunnelInstanceIAMBindingArgs
TunnelInstanceIAMBindingState
TunnelInstanceIAMMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
Note:
gcp.iap.TunnelInstanceIAMPolicycannot be used in conjunction withgcp.iap.TunnelInstanceIAMBindingandgcp.iap.TunnelInstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.iap.TunnelInstanceIAMBindingresources can be used in conjunction withgcp.iap.TunnelInstanceIAMMemberresources only if they do not grant privilege to the same role.
google_iap_tunnel_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_tunnel_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_tunnel_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
TunnelInstanceIAMMemberArgs
TunnelInstanceIAMMemberState
TunnelInstanceIAMPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
Note:
gcp.iap.TunnelInstanceIAMPolicycannot be used in conjunction withgcp.iap.TunnelInstanceIAMBindingandgcp.iap.TunnelInstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.iap.TunnelInstanceIAMBindingresources can be used in conjunction withgcp.iap.TunnelInstanceIAMMemberresources only if they do not grant privilege to the same role.
google_iap_tunnel_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.tunnelResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new Gcp.Iap.TunnelInstanceIAMPolicyArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_tunnel_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new Gcp.Iap.TunnelInstanceIAMBindingArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_tunnel_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new Gcp.Iap.TunnelInstanceIAMMemberArgs
{
Project = google_compute_instance.Tunnelvm.Project,
Zone = google_compute_instance.Tunnelvm.Zone,
Instance = google_compute_instance.Tunnelvm.Name,
Role = "roles/iap.tunnelResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
TunnelInstanceIAMPolicyArgs
TunnelInstanceIAMPolicyState
WebBackendServiceIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
Note:
gcp.iap.WebBackendServiceIamPolicycannot be used in conjunction withgcp.iap.WebBackendServiceIamBindingandgcp.iap.WebBackendServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebBackendServiceIamBindingresources can be used in conjunction withgcp.iap.WebBackendServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_backend_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_backend_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_backend_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebBackendServiceIamBindingArgs
WebBackendServiceIamBindingState
WebBackendServiceIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
Note:
gcp.iap.WebBackendServiceIamPolicycannot be used in conjunction withgcp.iap.WebBackendServiceIamBindingandgcp.iap.WebBackendServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebBackendServiceIamBindingresources can be used in conjunction withgcp.iap.WebBackendServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_backend_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_backend_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_backend_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebBackendServiceIamMemberArgs
WebBackendServiceIamMemberState
WebBackendServiceIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
Note:
gcp.iap.WebBackendServiceIamPolicycannot be used in conjunction withgcp.iap.WebBackendServiceIamBindingandgcp.iap.WebBackendServiceIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebBackendServiceIamBindingresources can be used in conjunction withgcp.iap.WebBackendServiceIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_backend_service_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new Gcp.Iap.WebBackendServiceIamPolicyArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_backend_service_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new Gcp.Iap.WebBackendServiceIamBindingArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_backend_service_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebBackendServiceIamMember("member", new Gcp.Iap.WebBackendServiceIamMemberArgs
{
Project = google_compute_backend_service.Default.Project,
WebBackendService = google_compute_backend_service.Default.Name,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebBackendServiceIamPolicyArgs
WebBackendServiceIamPolicyState
WebIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
Note:
gcp.iap.WebIamPolicycannot be used in conjunction withgcp.iap.WebIamBindingandgcp.iap.WebIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebIamBindingresources can be used in conjunction withgcp.iap.WebIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebIamBindingArgs
WebIamBindingState
WebIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
Note:
gcp.iap.WebIamPolicycannot be used in conjunction withgcp.iap.WebIamBindingandgcp.iap.WebIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebIamBindingresources can be used in conjunction withgcp.iap.WebIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebIamMemberArgs
WebIamMemberState
WebIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
Note:
gcp.iap.WebIamPolicycannot be used in conjunction withgcp.iap.WebIamBindingandgcp.iap.WebIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebIamBindingresources can be used in conjunction withgcp.iap.WebIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebIamPolicy("policy", new Gcp.Iap.WebIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebIamBinding("binding", new Gcp.Iap.WebIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebIamMember("member", new Gcp.Iap.WebIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebIamPolicyArgs
WebIamPolicyState
WebTypeAppEngingIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
Note:
gcp.iap.WebTypeAppEngingIamPolicycannot be used in conjunction withgcp.iap.WebTypeAppEngingIamBindingandgcp.iap.WebTypeAppEngingIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeAppEngingIamBindingresources can be used in conjunction withgcp.iap.WebTypeAppEngingIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_app_engine_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_app_engine_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_app_engine_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebTypeAppEngingIamBindingArgs
WebTypeAppEngingIamBindingState
WebTypeAppEngingIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
Note:
gcp.iap.WebTypeAppEngingIamPolicycannot be used in conjunction withgcp.iap.WebTypeAppEngingIamBindingandgcp.iap.WebTypeAppEngingIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeAppEngingIamBindingresources can be used in conjunction withgcp.iap.WebTypeAppEngingIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_app_engine_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_app_engine_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_app_engine_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebTypeAppEngingIamMemberArgs
WebTypeAppEngingIamMemberState
WebTypeAppEngingIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
Note:
gcp.iap.WebTypeAppEngingIamPolicycannot be used in conjunction withgcp.iap.WebTypeAppEngingIamBindingandgcp.iap.WebTypeAppEngingIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeAppEngingIamBindingresources can be used in conjunction withgcp.iap.WebTypeAppEngingIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_app_engine_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new Gcp.Iap.WebTypeAppEngingIamPolicyArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_app_engine_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new Gcp.Iap.WebTypeAppEngingIamBindingArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_app_engine_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new Gcp.Iap.WebTypeAppEngingIamMemberArgs
{
Project = google_app_engine_application.App.Project,
AppId = google_app_engine_application.App.App_id,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebTypeAppEngingIamPolicyArgs
WebTypeAppEngingIamPolicyState
WebTypeComputeIamBinding
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
Note:
gcp.iap.WebTypeComputeIamPolicycannot be used in conjunction withgcp.iap.WebTypeComputeIamBindingandgcp.iap.WebTypeComputeIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeComputeIamBindingresources can be used in conjunction withgcp.iap.WebTypeComputeIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_compute_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_compute_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_compute_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebTypeComputeIamBindingArgs
WebTypeComputeIamBindingState
WebTypeComputeIamMember
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
Note:
gcp.iap.WebTypeComputeIamPolicycannot be used in conjunction withgcp.iap.WebTypeComputeIamBindingandgcp.iap.WebTypeComputeIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeComputeIamBindingresources can be used in conjunction withgcp.iap.WebTypeComputeIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_compute_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_compute_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_compute_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
WebTypeComputeIamMemberArgs
WebTypeComputeIamMemberState
WebTypeComputeIamPolicy
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
Note:
gcp.iap.WebTypeComputeIamPolicycannot be used in conjunction withgcp.iap.WebTypeComputeIamBindingandgcp.iap.WebTypeComputeIamMemberor they will fight over what your policy should be.
Note:
gcp.iap.WebTypeComputeIamBindingresources can be used in conjunction withgcp.iap.WebTypeComputeIamMemberresources only if they do not grant privilege to the same role.
google_iap_web_type_compute_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/iap.httpsResourceAccessor" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new Gcp.Iap.WebTypeComputeIamPolicyArgs
{
Project = google_project_service.Project_service.Project,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_iap_web_type_compute_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new Gcp.Iap.WebTypeComputeIamBindingArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_iap_web_type_compute_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Iap.WebTypeComputeIamMember("member", new Gcp.Iap.WebTypeComputeIamMemberArgs
{
Project = google_project_service.Project_service.Project,
Role = "roles/iap.httpsResourceAccessor",
Member = "user:jane@example.com",
Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}