
Class GetIAMPolicy

Inheritance
System.Object
GetIAMPolicy
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Gcp.Organizations
Assembly: Pulumi.Gcp.dll
Syntax
public static class GetIAMPolicy

Methods

InvokeAsync(GetIAMPolicyArgs, InvokeOptions)

Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform resources, such as the gcp.organizations.Project resource.

Note: Several restrictions apply when setting IAM policies through this API. See the setIamPolicy docs for a list of these restrictions.

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        // The invoke only generates a policy document; nothing is applied
        // until another resource references the result.
        var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
        {
            // Audit logging configuration for one service (Cloud KMS here).
            AuditConfigs =
            {
                new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigArgs
                {
                    AuditLogConfigs =
                    {
                        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigArgs
                        {
                            // Exempted members do not generate log entries for this log type.
                            ExemptedMembers =
                            {
                                "user:you@domain.com",
                            },
                            LogType = "DATA_READ",
                        },
                        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigArgs
                        {
                            LogType = "DATA_WRITE",
                        },
                        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigArgs
                        {
                            LogType = "ADMIN_READ",
                        },
                    },
                    Service = "cloudkms.googleapis.com",
                },
            },
            // Each binding grants one role to a list of members.
            Bindings =
            {
                new Gcp.Organizations.Inputs.GetIAMPolicyBindingArgs
                {
                    Members =
                    {
                        "serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
                    },
                    Role = "roles/compute.instanceAdmin",
                },
                new Gcp.Organizations.Inputs.GetIAMPolicyBindingArgs
                {
                    Members =
                    {
                        "user:alice@gmail.com",
                    },
                    Role = "roles/storage.objectViewer",
                },
            },
        }));
    }
}

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource.
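The following added example (not part of the original reference page) shows the second half of that workflow: the generated document is passed to a resource that applies it, here Gcp.Projects.IAMPolicy from the same provider. The project ID, group address and resource name are placeholders. Gcp.Projects.IAMPolicy is authoritative, so the document must list every binding the project still needs.

```csharp
using Pulumi;
using Gcp = Pulumi.Gcp;

class PolicyStack : Stack
{
    public PolicyStack()
    {
        // Step 1: generate the policy document. Nothing changes in GCP yet.
        var policy = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
        {
            Bindings =
            {
                new Gcp.Organizations.Inputs.GetIAMPolicyBindingArgs
                {
                    Role = "roles/storage.objectViewer",
                    // Placeholder member: a group is easier to review than individual users.
                    Members = { "group:storage-readers@example.com" },
                },
            },
            AuditConfigs =
            {
                new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigArgs
                {
                    Service = "cloudkms.googleapis.com",
                    AuditLogConfigs =
                    {
                        // No ExemptedMembers: every identity's KMS data writes are logged.
                        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigArgs
                        {
                            LogType = "DATA_WRITE",
                        },
                    },
                },
            },
        }));

        // Step 2: reference the document from a resource that applies it.
        // This resource replaces the project's entire IAM policy, so any
        // binding missing from the document above is removed on update.
        var projectPolicy = new Gcp.Projects.IAMPolicy("project-policy", new Gcp.Projects.IAMPolicyArgs
        {
            Project = "your-project-id", // placeholder project ID
            PolicyData = policy.Apply(p => p.PolicyData),
        });
    }
}
```

Run `pulumi preview` before applying and check that the planned policy still contains an owner or admin binding you control.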

Declaration
public static Task<GetIAMPolicyResult> InvokeAsync(GetIAMPolicyArgs args = null, InvokeOptions options = null)
Parameters
Type Name Description
GetIAMPolicyArgs args
InvokeOptions options
Returns
Type Description
System.Threading.Tasks.Task<GetIAMPolicyResult>
Copyright 2016-2020, Pulumi Corporation.