Module folder

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

Resources

Resource IAMBinding

class IAMBinding extends CustomResource

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform folder.

Note: This resource must not be used in conjunction with gcp.folder.IAMPolicy or they will fight over what your policy should be.
Note: On create, this resource will overwrite members of any existing roles. Use pulumi import and inspect the output to ensure your existing members are preserved.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const admin = new gcp.folder.IAMBinding("admin", {
    folder: department1.name,
    role: "roles/editor",
    members: ["user:alice@gmail.com"],
});

constructor

new IAMBinding(name: string, args: IAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMBindingState, opts?: pulumi.CustomResourceOptions): IAMBinding

Get an existing IAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IAMBinding

Returns true if the given object is an instance of IAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<IAMBindingCondition | undefined>;

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the folder’s IAM policy.

property folder

public folder: pulumi.Output<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values: * user:{emailid}: An email address that is associated with a specific Google account. For example, alice@gmail.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMMember

class IAMMember extends CustomResource

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform folder.

Note: This resource must not be used in conjunction with gcp.folder.IAMPolicy or they will fight over what your policy should be. Similarly, roles controlled by gcp.folder.IAMBinding should not be assigned to using gcp.folder.IAMMember.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const admin = new gcp.folder.IAMMember("admin", {
    folder: department1.name,
    role: "roles/editor",
    member: "user:alice@gmail.com",
});

constructor

new IAMMember(name: string, args: IAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMMemberState, opts?: pulumi.CustomResourceOptions): IAMMember

Get an existing IAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IAMMember

Returns true if the given object is an instance of IAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<IAMMemberCondition | undefined>;

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the folder’s IAM policy.

property folder

public folder: pulumi.Output<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

The identity that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding This field can have one of the following values: * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMPolicy

class IAMPolicy extends CustomResource

Allows creation and management of the IAM policy for an existing Google Cloud Platform folder.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const folderAdminPolicy = new gcp.folder.IAMPolicy("folderAdminPolicy", {
    folder: department1.name,
    policyData: admin.then(admin => admin.policyData),
});

constructor

new IAMPolicy(name: string, args: IAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMPolicyState, opts?: pulumi.CustomResourceOptions): IAMPolicy

Get an existing IAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IAMPolicy

Returns true if the given object is an instance of IAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the folder’s IAM policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property folder

public folder: pulumi.Output<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrganizationPolicy

class OrganizationPolicy extends CustomResource

Allows management of Organization policies for a Google Folder. For more information see the official documentation and API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const serialPortPolicy = new gcp.folder.OrganizationPolicy("serialPortPolicy", {
    booleanPolicy: {
        enforced: true,
    },
    constraint: "compute.disableSerialPortAccess",
    folder: "folders/123456789",
});

constructor

new OrganizationPolicy(name: string, args: OrganizationPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a OrganizationPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationPolicyState, opts?: pulumi.CustomResourceOptions): OrganizationPolicy

Get an existing OrganizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrganizationPolicy

Returns true if the given object is an instance of OrganizationPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property booleanPolicy

public booleanPolicy: pulumi.Output<OrganizationPolicyBooleanPolicy | undefined>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

public constraint: pulumi.Output<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property folder

public folder: pulumi.Output<string>;

The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property listPolicy

public listPolicy: pulumi.Output<OrganizationPolicyListPolicy | undefined>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property restorePolicy

public restorePolicy: pulumi.Output<OrganizationPolicyRestorePolicy | undefined>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

public updateTime: pulumi.Output<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property version

public version: pulumi.Output<number>;

Version of the Policy. Default version is 0.

Functions

Function getOrganizationPolicy

getOrganizationPolicy(args: GetOrganizationPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationPolicyResult>

Allows management of Organization policies for a Google Folder. For more information see the official documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const policy = gcp.folder.getOrganizationPolicy({
    folder: "folders/folderid",
    constraint: "constraints/compute.trustedImageProjects",
});
export const version = policy.then(policy => policy.version);

Others

interface GetOrganizationPolicyArgs

interface GetOrganizationPolicyArgs

A collection of arguments for invoking getOrganizationPolicy.

property constraint

constraint: string;

(Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property folder

folder: string;

The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

interface GetOrganizationPolicyResult

interface GetOrganizationPolicyResult

A collection of values returned by getOrganizationPolicy.

property booleanPolicies

booleanPolicies: GetOrganizationPolicyBooleanPolicy[];

property constraint

constraint: string;

property etag

etag: string;

property folder

folder: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property listPolicies

listPolicies: GetOrganizationPolicyListPolicy[];

property restorePolicies

restorePolicies: GetOrganizationPolicyRestorePolicy[];

property updateTime

updateTime: string;

property version

version: number;

interface IAMBindingArgs

interface IAMBindingArgs

The set of arguments for constructing a IAMBinding resource.

property condition

condition?: pulumi.Input<IAMBindingCondition>;

property folder

folder: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMBindingState

interface IAMBindingState

Input properties used for looking up and filtering IAMBinding resources.

property condition

condition?: pulumi.Input<IAMBindingCondition>;

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the folder’s IAM policy.

property folder

folder?: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMMemberArgs

interface IAMMemberArgs

The set of arguments for constructing a IAMMember resource.

property condition

condition?: pulumi.Input<IAMMemberCondition>;

property folder

folder: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property member

member: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMMemberState

interface IAMMemberState

Input properties used for looking up and filtering IAMMember resources.

property condition

condition?: pulumi.Input<IAMMemberCondition>;

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the folder’s IAM policy.

property folder

folder?: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property member

member?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMPolicyArgs

interface IAMPolicyArgs

The set of arguments for constructing a IAMPolicy resource.

property folder

folder: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property policyData

policyData: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

interface IAMPolicyState

interface IAMPolicyState

Input properties used for looking up and filtering IAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the folder’s IAM policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property folder

folder?: pulumi.Input<string>;

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

property policyData

policyData?: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

interface OrganizationPolicyArgs

interface OrganizationPolicyArgs

The set of arguments for constructing a OrganizationPolicy resource.

property booleanPolicy

booleanPolicy?: pulumi.Input<OrganizationPolicyBooleanPolicy>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property folder

folder: pulumi.Input<string>;

The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

property listPolicy

listPolicy?: pulumi.Input<OrganizationPolicyListPolicy>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property restorePolicy

restorePolicy?: pulumi.Input<OrganizationPolicyRestorePolicy>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface OrganizationPolicyState

interface OrganizationPolicyState

Input properties used for looking up and filtering OrganizationPolicy resources.

property booleanPolicy

booleanPolicy?: pulumi.Input<OrganizationPolicyBooleanPolicy>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint?: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property folder

folder?: pulumi.Input<string>;

The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

property listPolicy

listPolicy?: pulumi.Input<OrganizationPolicyListPolicy>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property restorePolicy

restorePolicy?: pulumi.Input<OrganizationPolicyRestorePolicy>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

updateTime?: pulumi.Input<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module folder

Resources

Functions

Others

Resources

Example Usage

Example Usage

Example Usage

Example Usage

Functions

Example Usage

Others