Class DatabaseIAMMember

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It's entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
    {
        Binding = 
        {

            {
                { "role", "roles/editor" },
                { "members", 
                {
                    "user:jane@example.com",
                } },
            },
        },
    }));
    var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new Gcp.Spanner.DatabaseIAMPolicyArgs
    {
        Instance = "your-instance-name",
        Database = "your-database-name",
        PolicyData = admin.Apply(admin => admin.PolicyData),
    });
}

}

google_spanner_database_iam_binding

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var database = new Gcp.Spanner.DatabaseIAMBinding("database", new Gcp.Spanner.DatabaseIAMBindingArgs
    {
        Database = "your-database-name",
        Instance = "your-instance-name",
        Members = 
        {
            "user:jane@example.com",
        },
        Role = "roles/compute.networkUser",
    });
}

}

google_spanner_database_iam_member

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var database = new Gcp.Spanner.DatabaseIAMMember("database", new Gcp.Spanner.DatabaseIAMMemberArgs
    {
        Database = "your-database-name",
        Instance = "your-instance-name",
        Member = "user:jane@example.com",
        Role = "roles/compute.networkUser",
    });
}

}
Inheritance
System.Object
Resource
CustomResource
DatabaseIAMMember
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Gcp.Spanner
Assembly: Pulumi.Gcp.dll
Syntax
public class DatabaseIAMMember : CustomResource

Constructors

View Source

DatabaseIAMMember(String, DatabaseIAMMemberArgs, CustomResourceOptions)

Create a DatabaseIAMMember resource with the given unique name, arguments, and options.

Declaration
public DatabaseIAMMember(string name, DatabaseIAMMemberArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
DatabaseIAMMemberArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

Condition

Declaration
public Output<DatabaseIAMMemberCondition> Condition { get; }
Property Value
Type Description
Output<DatabaseIAMMemberCondition>
View Source

Database

The name of the Spanner database.

Declaration
public Output<string> Database { get; }
Property Value
Type Description
Output<System.String>
View Source

Etag

(Computed) The etag of the database's IAM policy.

Declaration
public Output<string> Etag { get; }
Property Value
Type Description
Output<System.String>
View Source

Instance

The name of the Spanner instance the database belongs to.

Declaration
public Output<string> Instance { get; }
Property Value
Type Description
Output<System.String>
View Source

Member

Declaration
public Output<string> Member { get; }
Property Value
Type Description
Output<System.String>
View Source

Project

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Declaration
public Output<string> Project { get; }
Property Value
Type Description
Output<System.String>
View Source

Role

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Declaration
public Output<string> Role { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, DatabaseIAMMemberState, CustomResourceOptions)

Get an existing DatabaseIAMMember resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static DatabaseIAMMember Get(string name, Input<string> id, DatabaseIAMMemberState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
DatabaseIAMMemberState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
DatabaseIAMMember