Class IAMCustomRole

Allows management of a customized Cloud IAM organization role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by the provider, and new roles cannot share that name.

Example Usage

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var my_custom_role = new Gcp.Organizations.IAMCustomRole("my-custom-role", new Gcp.Organizations.IAMCustomRoleArgs
    {
        Description = "A description",
        OrgId = "123456789",
        Permissions = 
        {
            "iam.roles.list",
            "iam.roles.create",
            "iam.roles.delete",
        },
        RoleId = "myCustomRole",
        Title = "My Custom Role",
    });
}

}
Inheritance
System.Object
Resource
CustomResource
IAMCustomRole
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Gcp.Organizations
Assembly: Pulumi.Gcp.dll
Syntax
public class IAMCustomRole : CustomResource

Constructors

View Source

IAMCustomRole(String, IAMCustomRoleArgs, CustomResourceOptions)

Create a IAMCustomRole resource with the given unique name, arguments, and options.

Declaration
public IAMCustomRole(string name, IAMCustomRoleArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
IAMCustomRoleArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

Deleted

(Optional) The current deleted state of the role.

Declaration
public Output<bool> Deleted { get; }
Property Value
Type Description
Output<System.Boolean>
View Source

Description

A human-readable description for the role.

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>
View Source

Name

The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

OrgId

The numeric ID of the organization in which you want to create a custom role.

Declaration
public Output<string> OrgId { get; }
Property Value
Type Description
Output<System.String>
View Source

Permissions

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

Declaration
public Output<ImmutableArray<string>> Permissions { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

RoleId

The role id to use for this role.

Declaration
public Output<string> RoleId { get; }
Property Value
Type Description
Output<System.String>
View Source

Stage

The current launch stage of the role. Defaults to GA. List of possible stages is here.

Declaration
public Output<string> Stage { get; }
Property Value
Type Description
Output<System.String>
View Source

Title

A human-readable title for the role.

Declaration
public Output<string> Title { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, IAMCustomRoleState, CustomResourceOptions)

Get an existing IAMCustomRole resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static IAMCustomRole Get(string name, Input<string> id, IAMCustomRoleState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
IAMCustomRoleState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
IAMCustomRole