GetIAMPolicy

func LookupIAMPolicy(ctx *Context, args *LookupIAMPolicyArgs, opts ...InvokeOption) (*LookupIAMPolicyResult, error)

Note: This function is named LookupIAMPolicy in the Go SDK.

AuditConfigs List<GetIAMPolicyAuditConfigArgs>

A nested configuration block that defines logging additional configuration for your project.

Bindings List<GetIAMPolicyBindingArgs>

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

AuditConfigs []GetIAMPolicyAuditConfig

A nested configuration block that defines logging additional configuration for your project.

Bindings []GetIAMPolicyBinding

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

auditConfigs GetIAMPolicyAuditConfig[]

A nested configuration block that defines logging additional configuration for your project.

bindings GetIAMPolicyBinding[]

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

audit_configs List[GetIAMPolicyAuditConfig]

A nested configuration block that defines logging additional configuration for your project.

bindings List[GetIAMPolicyBinding]

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

Id string

The provider-assigned unique ID for this managed resource.

PolicyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

AuditConfigs List<GetIAMPolicyAuditConfig>

Bindings List<GetIAMPolicyBinding>

Id string

The provider-assigned unique ID for this managed resource.

PolicyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

AuditConfigs []GetIAMPolicyAuditConfig

Bindings []GetIAMPolicyBinding

id string

The provider-assigned unique ID for this managed resource.

policyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

auditConfigs GetIAMPolicyAuditConfig[]

bindings GetIAMPolicyBinding[]

id str

The provider-assigned unique ID for this managed resource.

policy_data str

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

audit_configs List[GetIAMPolicyAuditConfig]

bindings List[GetIAMPolicyBinding]

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AuditLogConfigs List<GetIAMPolicyAuditConfigAuditLogConfigArgs>

A nested block that defines the operations you’d like to log.

Service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

AuditLogConfigs []GetIAMPolicyAuditConfigAuditLogConfig

A nested block that defines the operations you’d like to log.

Service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

auditLogConfigs GetIAMPolicyAuditConfigAuditLogConfig[]

A nested block that defines the operations you’d like to log.

service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

audit_log_configs List[GetIAMPolicyAuditConfigAuditLogConfig]

A nested block that defines the operations you’d like to log.

service str

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

LogType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

ExemptedMembers List<string>

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

LogType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

ExemptedMembers []string

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

logType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exemptedMembers string[]

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

logType str

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exemptedMembers List[str]

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Members List<string>

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. It can’t be used with the gcp.organizations.Project resource. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. It can’t be used with the gcp.organizations.Project resource. * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

Role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Condition GetIAMPolicyBindingConditionArgs

Members []string

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. It can’t be used with the gcp.organizations.Project resource. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. It can’t be used with the gcp.organizations.Project resource. * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

Role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Condition GetIAMPolicyBindingCondition

members string[]

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. It can’t be used with the gcp.organizations.Project resource. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. It can’t be used with the gcp.organizations.Project resource. * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition GetIAMPolicyBindingCondition

members List[str]

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. It can’t be used with the gcp.organizations.Project resource. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. It can’t be used with the gcp.organizations.Project resource. * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

role str

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition Dict[GetIAMPolicyBindingCondition]

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Expression string

Title string

Description string

Expression string

Title string

Description string

expression string

title string

description string

expression str

title str

description str