Class IAMPolicy
Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.
!> Warning: New organizations have several default policies which will,
without extreme caution, be overwritten by use of this resource.
The safest alternative is to use multiple gcp.organizations.IAMBinding
resources. It is easy to use this resource to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve. If you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by importing your existing policy, and examining the diff very closely.
Note: This resource must not be used in conjunction with
gcp.organizations.IAMMemberorgcp.organizations.IAMBindingor they will fight over what your policy should be.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/editor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Organizations.IAMPolicy("policy", new Gcp.Organizations.IAMPolicyArgs
{
OrgId = "123456789",
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
Inherited Members
Namespace: Pulumi.Gcp.Organizations
Assembly: Pulumi.Gcp.dll
Syntax
public class IAMPolicy : CustomResourceConstructors
View SourceIAMPolicy(String, IAMPolicyArgs, CustomResourceOptions)
Create a IAMPolicy resource with the given unique name, arguments, and options.
Declaration
public IAMPolicy(string name, IAMPolicyArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| IAMPolicyArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceEtag
Declaration
public Output<string> Etag { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
OrgId
The numeric ID of the organization in which you want to create a custom role.
Declaration
public Output<string> OrgId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
PolicyData
The gcp.organizations.getIAMPolicy data source that represents
the IAM policy that will be applied to the organization. This policy overrides any existing
policy applied to the organization.
Declaration
public Output<string> PolicyData { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, IAMPolicyState, CustomResourceOptions)
Get an existing IAMPolicy resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static IAMPolicy Get(string name, Input<string> id, IAMPolicyState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| IAMPolicyState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| IAMPolicy |