Namespace Pulumi.Gcp.Organizations
Classes
Folder
Allows management of a Google Cloud Platform folder. For more information see the official documentation and API.
A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allows you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.
Folders created live inside an Organization. See the Organization documentation for more details.
The service account used to run the provider when creating a gcp.organizations.Folder
resource must have roles/resourcemanager.folderCreator. See the
Access Control for Folders Using IAM
doc for more information.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
// Top-level folder under an organization.
var department1 = new Gcp.Organizations.Folder("department1", new Gcp.Organizations.FolderArgs
{
DisplayName = "Department 1",
Parent = "organizations/1234567",
});
// Folder nested under another folder.
var team_abc = new Gcp.Organizations.Folder("team-abc", new Gcp.Organizations.FolderArgs
{
DisplayName = "Team ABC",
Parent = department1.Name,
});
}
}
FolderArgs
FolderState
GetActiveFolder
GetActiveFolderArgs
GetActiveFolderResult
GetBillingAccount
GetBillingAccountArgs
GetBillingAccountResult
GetClientConfig
GetClientConfigResult
GetClientOpenIdUserInfo
GetClientOpenIdUserInfoResult
GetFolder
GetFolderArgs
GetFolderResult
GetIAMPolicy
GetIAMPolicyArgs
GetIAMPolicyResult
GetOrganization
GetOrganizationArgs
GetOrganizationResult
GetProject
GetProjectArgs
GetProjectResult
IamAuditConfig
Allows management of audit logging config for a given service for a Google Cloud Platform Organization.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var config = new Gcp.Organizations.IamAuditConfig("config", new Gcp.Organizations.IamAuditConfigArgs
{
AuditLogConfigs =
{
new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs
{
ExemptedMembers =
{
"user:joebloggs@hashicorp.com",
},
LogType = "DATA_READ",
},
},
OrgId = "your-organization-id",
Service = "allServices",
});
}
}
IamAuditConfigArgs
IamAuditConfigState
IAMBinding
Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform Organization.
Note: This resource must not be used in conjunction with
gcp.organizations.IAMMemberfor the same role or they will fight over what your policy should be.
Note: On create, this resource will overwrite members of any existing roles. Use
pulumi importand inspect the `output to ensure your existing members are preserved.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Organizations.IAMBinding("binding", new Gcp.Organizations.IAMBindingArgs
{
Members =
{
"user:alice@gmail.com",
},
OrgId = "123456789",
Role = "roles/browser",
});
}
}
IAMBindingArgs
IAMBindingState
IAMCustomRole
Allows management of a customized Cloud IAM organization role. For more information see the official documentation and API.
Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by the provider, and new roles cannot share that name.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var my_custom_role = new Gcp.Organizations.IAMCustomRole("my-custom-role", new Gcp.Organizations.IAMCustomRoleArgs
{
Description = "A description",
OrgId = "123456789",
Permissions =
{
"iam.roles.list",
"iam.roles.create",
"iam.roles.delete",
},
RoleId = "myCustomRole",
Title = "My Custom Role",
});
}
}
IAMCustomRoleArgs
IAMCustomRoleState
IAMMember
Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform Organization.
Note: This resource must not be used in conjunction with
gcp.organizations.IAMBindingfor the same role or they will fight over what your policy should be.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Organizations.IAMMember("binding", new Gcp.Organizations.IAMMemberArgs
{
Member = "user:alice@gmail.com",
OrgId = "0123456789",
Role = "roles/editor",
});
}
}
IAMMemberArgs
IAMMemberState
IAMPolicy
Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.
!> Warning: New organizations have several default policies which will,
without extreme caution, be overwritten by use of this resource.
The safest alternative is to use multiple gcp.organizations.IAMBinding
resources. It is easy to use this resource to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve. If you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by importing your existing policy, and examining the diff very closely.
Note: This resource must not be used in conjunction with
gcp.organizations.IAMMemberorgcp.organizations.IAMBindingor they will fight over what your policy should be.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/editor" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Organizations.IAMPolicy("policy", new Gcp.Organizations.IAMPolicyArgs
{
OrgId = "123456789",
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
IAMPolicyArgs
IAMPolicyState
Policy
Allows management of Organization policies for a Google Organization. For more information see the official documentation and API.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var serialPortPolicy = new Gcp.Organizations.Policy("serialPortPolicy", new Gcp.Organizations.PolicyArgs
{
BooleanPolicy = new Gcp.Organizations.Inputs.PolicyBooleanPolicyArgs
{
Enforced = true,
},
Constraint = "compute.disableSerialPortAccess",
OrgId = "123456789",
});
}
}
PolicyArgs
PolicyState
Project
Allows creation and management of a Google Cloud Platform project.
Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.
The service account used to run this provider when creating a gcp.organizations.Project
resource must have roles/resourcemanager.projectCreator. See the
Access Control for Organizations Using IAM
doc for more information.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var myProject = new Gcp.Organizations.Project("myProject", new Gcp.Organizations.ProjectArgs
{
OrgId = "1234567",
ProjectId = "your-project-id",
});
}
}