Module iap

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

Resources

Others

AppEngineServiceIamBindingArgs
AppEngineServiceIamBindingState
AppEngineServiceIamMemberArgs
AppEngineServiceIamMemberState
AppEngineServiceIamPolicyArgs
AppEngineServiceIamPolicyState
AppEngineVersionIamBindingArgs
AppEngineVersionIamBindingState
AppEngineVersionIamMemberArgs
AppEngineVersionIamMemberState
AppEngineVersionIamPolicyArgs
AppEngineVersionIamPolicyState
BrandArgs
BrandState
ClientArgs
ClientState
TunnelInstanceIAMBindingArgs
TunnelInstanceIAMBindingState
TunnelInstanceIAMMemberArgs
TunnelInstanceIAMMemberState
TunnelInstanceIAMPolicyArgs
TunnelInstanceIAMPolicyState
WebBackendServiceIamBindingArgs
WebBackendServiceIamBindingState
WebBackendServiceIamMemberArgs
WebBackendServiceIamMemberState
WebBackendServiceIamPolicyArgs
WebBackendServiceIamPolicyState
WebIamBindingArgs
WebIamBindingState
WebIamMemberArgs
WebIamMemberState
WebIamPolicyArgs
WebIamPolicyState
WebTypeAppEngingIamBindingArgs
WebTypeAppEngingIamBindingState
WebTypeAppEngingIamMemberArgs
WebTypeAppEngingIamMemberState
WebTypeAppEngingIamPolicyArgs
WebTypeAppEngingIamPolicyState
WebTypeComputeIamBindingArgs
WebTypeComputeIamBindingState
WebTypeComputeIamMemberArgs
WebTypeComputeIamMemberState
WebTypeComputeIamPolicyArgs
WebTypeComputeIamPolicyState

Resources

Resource AppEngineServiceIamBinding

class AppEngineServiceIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.
gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.
gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

Note: gcp.iap.AppEngineServiceIamPolicy cannot be used in conjunction with gcp.iap.AppEngineServiceIamBinding and gcp.iap.AppEngineServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineServiceIamBinding resources can be used in conjunction with gcp.iap.AppEngineServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

google_iap_app_engine_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

constructor

new AppEngineServiceIamBinding(name: string, args: AppEngineServiceIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineServiceIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineServiceIamBindingState, opts?: pulumi.CustomResourceOptions): AppEngineServiceIamBinding

Get an existing AppEngineServiceIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineServiceIamBinding

Returns true if the given object is an instance of AppEngineServiceIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<AppEngineServiceIamBindingCondition | undefined>;

An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.AppEngineServiceIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AppEngineServiceIamMember

class AppEngineServiceIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.
gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.
gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

Note: gcp.iap.AppEngineServiceIamPolicy cannot be used in conjunction with gcp.iap.AppEngineServiceIamBinding and gcp.iap.AppEngineServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineServiceIamBinding resources can be used in conjunction with gcp.iap.AppEngineServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

google_iap_app_engine_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

constructor

new AppEngineServiceIamMember(name: string, args: AppEngineServiceIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineServiceIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineServiceIamMemberState, opts?: pulumi.CustomResourceOptions): AppEngineServiceIamMember

Get an existing AppEngineServiceIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineServiceIamMember

Returns true if the given object is an instance of AppEngineServiceIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<AppEngineServiceIamMemberCondition | undefined>;

An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AppEngineServiceIamPolicy

class AppEngineServiceIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

gcp.iap.AppEngineServiceIamPolicy: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.
gcp.iap.AppEngineServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.
gcp.iap.AppEngineServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

Note: gcp.iap.AppEngineServiceIamPolicy cannot be used in conjunction with gcp.iap.AppEngineServiceIamBinding and gcp.iap.AppEngineServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineServiceIamBinding resources can be used in conjunction with gcp.iap.AppEngineServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineServiceIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

google_iap_app_engine_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineServiceIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
});

constructor

new AppEngineServiceIamPolicy(name: string, args: AppEngineServiceIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineServiceIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineServiceIamPolicyState, opts?: pulumi.CustomResourceOptions): AppEngineServiceIamPolicy

Get an existing AppEngineServiceIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineServiceIamPolicy

Returns true if the given object is an instance of AppEngineServiceIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AppEngineVersionIamBinding

class AppEngineVersionIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

Note: gcp.iap.AppEngineVersionIamPolicy cannot be used in conjunction with gcp.iap.AppEngineVersionIamBinding and gcp.iap.AppEngineVersionIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineVersionIamBinding resources can be used in conjunction with gcp.iap.AppEngineVersionIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_version_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_version_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

google_iap_app_engine_version_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

constructor

new AppEngineVersionIamBinding(name: string, args: AppEngineVersionIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineVersionIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineVersionIamBindingState, opts?: pulumi.CustomResourceOptions): AppEngineVersionIamBinding

Get an existing AppEngineVersionIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineVersionIamBinding

Returns true if the given object is an instance of AppEngineVersionIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<AppEngineVersionIamBindingCondition | undefined>;

An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.AppEngineVersionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

Resource AppEngineVersionIamMember

class AppEngineVersionIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

Note: gcp.iap.AppEngineVersionIamPolicy cannot be used in conjunction with gcp.iap.AppEngineVersionIamBinding and gcp.iap.AppEngineVersionIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineVersionIamBinding resources can be used in conjunction with gcp.iap.AppEngineVersionIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_version_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_version_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

google_iap_app_engine_version_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

constructor

new AppEngineVersionIamMember(name: string, args: AppEngineVersionIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineVersionIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineVersionIamMemberState, opts?: pulumi.CustomResourceOptions): AppEngineVersionIamMember

Get an existing AppEngineVersionIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineVersionIamMember

Returns true if the given object is an instance of AppEngineVersionIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<AppEngineVersionIamMemberCondition | undefined>;

An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

Resource AppEngineVersionIamPolicy

class AppEngineVersionIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

gcp.iap.AppEngineVersionIamPolicy: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
gcp.iap.AppEngineVersionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
gcp.iap.AppEngineVersionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

Note: gcp.iap.AppEngineVersionIamPolicy cannot be used in conjunction with gcp.iap.AppEngineVersionIamBinding and gcp.iap.AppEngineVersionIamMember or they will fight over what your policy should be.
Note: gcp.iap.AppEngineVersionIamBinding resources can be used in conjunction with gcp.iap.AppEngineVersionIamMember resources only if they do not grant privilege to the same role.

google_iap_app_engine_version_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", {
    project: google_app_engine_standard_app_version.version.project,
    appId: google_app_engine_standard_app_version.version.project,
    service: google_app_engine_standard_app_version.version.service,
    versionId: google_app_engine_standard_app_version.version.version_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_app_engine_version_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.AppEngineVersionIamBinding("binding", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    members: ["user:jane@example.com"],
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

google_iap_app_engine_version_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.AppEngineVersionIamMember("member", {
    appId: google_app_engine_standard_app_version_version.project,
    condition: {
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        title: "expiresAfter20191231",
    },
    member: "user:jane@example.com",
    project: google_app_engine_standard_app_version_version.project,
    role: "roles/iap.httpsResourceAccessor",
    service: google_app_engine_standard_app_version_version.service,
    versionId: google_app_engine_standard_app_version_version.versionId,
});

constructor

new AppEngineVersionIamPolicy(name: string, args: AppEngineVersionIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a AppEngineVersionIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AppEngineVersionIamPolicyState, opts?: pulumi.CustomResourceOptions): AppEngineVersionIamPolicy

Get an existing AppEngineVersionIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AppEngineVersionIamPolicy

Returns true if the given object is an instance of AppEngineVersionIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property service

public service: pulumi.Output<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

Resource Brand

class Brand extends CustomResource

OAuth brand data. Only “Organization Internal” brands can be created programatically via API. To convert it into an external brands please use the GCP Console.

Note: Brands can be created only once for a Google Cloud Platform project and cannot be deleted. Destroying a provider-managed Brand will remove it from state but will not delete the resource on the server.

constructor

new Brand(name: string, args: BrandArgs, opts?: pulumi.CustomResourceOptions)

Create a Brand resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BrandState, opts?: pulumi.CustomResourceOptions): Brand

Get an existing Brand resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Brand

Returns true if the given object is an instance of Brand. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationTitle

public applicationTitle: pulumi.Output<string>;

Application name displayed on OAuth consent screen.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Output only. Identifier of the brand, in the format ‘projects/{project_number}/brands/{brand_id}‘. NOTE: The brand identification corresponds to the project number as only one brand per project can be created.

property orgInternalOnly

public orgInternalOnly: pulumi.Output<boolean>;

Whether the brand is only intended for usage inside the GSuite organization only.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property supportEmail

public supportEmail: pulumi.Output<string>;

Support email displayed on the OAuth consent screen. Can be either a user or group email. When a user email is specified, the caller must be the user with the associated email address. When a group email is specified, the caller can be either a user or a service account which is an owner of the specified group in Cloud Identity.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Client

class Client extends CustomResource

Contains the data that describes an Identity Aware Proxy owned client.

Warning: All arguments including secret will be stored in the raw state as plain-text. Read more about secrets in state.

constructor

new Client(name: string, args: ClientArgs, opts?: pulumi.CustomResourceOptions)

Create a Client resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientState, opts?: pulumi.CustomResourceOptions): Client

Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Client

Returns true if the given object is an instance of Client. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property brand

public brand: pulumi.Output<string>;

Identifier of the brand to which this client is attached to. The format is projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}.

property clientId

public clientId: pulumi.Output<string>;

Output only. Unique identifier of the OAuth client.

property displayName

public displayName: pulumi.Output<string>;

Human-friendly name given to the OAuth client.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property secret

public secret: pulumi.Output<string>;

Output only. Client secret of the OAuth client.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TunnelInstanceIAMBinding

class TunnelInstanceIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

Note: gcp.iap.TunnelInstanceIAMPolicy cannot be used in conjunction with gcp.iap.TunnelInstanceIAMBinding and gcp.iap.TunnelInstanceIAMMember or they will fight over what your policy should be.
Note: gcp.iap.TunnelInstanceIAMBinding resources can be used in conjunction with gcp.iap.TunnelInstanceIAMMember resources only if they do not grant privilege to the same role.

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new TunnelInstanceIAMBinding(name: string, args: TunnelInstanceIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMBindingState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMBinding

Get an existing TunnelInstanceIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TunnelInstanceIAMBinding

Returns true if the given object is an instance of TunnelInstanceIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<TunnelInstanceIAMBindingCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.TunnelInstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

Resource TunnelInstanceIAMMember

class TunnelInstanceIAMMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

Note: gcp.iap.TunnelInstanceIAMPolicy cannot be used in conjunction with gcp.iap.TunnelInstanceIAMBinding and gcp.iap.TunnelInstanceIAMMember or they will fight over what your policy should be.
Note: gcp.iap.TunnelInstanceIAMBinding resources can be used in conjunction with gcp.iap.TunnelInstanceIAMMember resources only if they do not grant privilege to the same role.

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new TunnelInstanceIAMMember(name: string, args: TunnelInstanceIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMMemberState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMMember

Get an existing TunnelInstanceIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TunnelInstanceIAMMember

Returns true if the given object is an instance of TunnelInstanceIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<TunnelInstanceIAMMemberCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

Resource TunnelInstanceIAMPolicy

class TunnelInstanceIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

gcp.iap.TunnelInstanceIAMPolicy: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
gcp.iap.TunnelInstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
gcp.iap.TunnelInstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

Note: gcp.iap.TunnelInstanceIAMPolicy cannot be used in conjunction with gcp.iap.TunnelInstanceIAMBinding and gcp.iap.TunnelInstanceIAMMember or they will fight over what your policy should be.
Note: gcp.iap.TunnelInstanceIAMBinding resources can be used in conjunction with gcp.iap.TunnelInstanceIAMMember resources only if they do not grant privilege to the same role.

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.tunnelResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.TunnelInstanceIAMMember("member", {
    project: google_compute_instance.tunnelvm.project,
    zone: google_compute_instance.tunnelvm.zone,
    instance: google_compute_instance.tunnelvm.name,
    role: "roles/iap.tunnelResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new TunnelInstanceIAMPolicy(name: string, args: TunnelInstanceIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMPolicyState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMPolicy

Get an existing TunnelInstanceIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TunnelInstanceIAMPolicy

Returns true if the given object is an instance of TunnelInstanceIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

Resource WebBackendServiceIamBinding

class WebBackendServiceIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.
gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.
gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

Note: gcp.iap.WebBackendServiceIamPolicy cannot be used in conjunction with gcp.iap.WebBackendServiceIamBinding and gcp.iap.WebBackendServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebBackendServiceIamBinding resources can be used in conjunction with gcp.iap.WebBackendServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_web_backend_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_backend_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_backend_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebBackendServiceIamBinding(name: string, args: WebBackendServiceIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a WebBackendServiceIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebBackendServiceIamBindingState, opts?: pulumi.CustomResourceOptions): WebBackendServiceIamBinding

Get an existing WebBackendServiceIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebBackendServiceIamBinding

Returns true if the given object is an instance of WebBackendServiceIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebBackendServiceIamBindingCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.WebBackendServiceIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property webBackendService

public webBackendService: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

Resource WebBackendServiceIamMember

class WebBackendServiceIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.
gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.
gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

Note: gcp.iap.WebBackendServiceIamPolicy cannot be used in conjunction with gcp.iap.WebBackendServiceIamBinding and gcp.iap.WebBackendServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebBackendServiceIamBinding resources can be used in conjunction with gcp.iap.WebBackendServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_web_backend_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_backend_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_backend_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebBackendServiceIamMember(name: string, args: WebBackendServiceIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a WebBackendServiceIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebBackendServiceIamMemberState, opts?: pulumi.CustomResourceOptions): WebBackendServiceIamMember

Get an existing WebBackendServiceIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebBackendServiceIamMember

Returns true if the given object is an instance of WebBackendServiceIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebBackendServiceIamMemberCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property webBackendService

public webBackendService: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

Resource WebBackendServiceIamPolicy

class WebBackendServiceIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

gcp.iap.WebBackendServiceIamPolicy: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.
gcp.iap.WebBackendServiceIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.
gcp.iap.WebBackendServiceIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

Note: gcp.iap.WebBackendServiceIamPolicy cannot be used in conjunction with gcp.iap.WebBackendServiceIamBinding and gcp.iap.WebBackendServiceIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebBackendServiceIamBinding resources can be used in conjunction with gcp.iap.WebBackendServiceIamMember resources only if they do not grant privilege to the same role.

google_iap_web_backend_service_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_backend_service_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebBackendServiceIamBinding("binding", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_backend_service_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebBackendServiceIamMember("member", {
    project: google_compute_backend_service["default"].project,
    webBackendService: google_compute_backend_service["default"].name,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebBackendServiceIamPolicy(name: string, args: WebBackendServiceIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a WebBackendServiceIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebBackendServiceIamPolicyState, opts?: pulumi.CustomResourceOptions): WebBackendServiceIamPolicy

Get an existing WebBackendServiceIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebBackendServiceIamPolicy

Returns true if the given object is an instance of WebBackendServiceIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property webBackendService

public webBackendService: pulumi.Output<string>;

Used to find the parent resource to bind the IAM policy to

Resource WebIamBinding

class WebIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.
gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.
gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

Note: gcp.iap.WebIamPolicy cannot be used in conjunction with gcp.iap.WebIamBinding and gcp.iap.WebIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebIamBinding resources can be used in conjunction with gcp.iap.WebIamMember resources only if they do not grant privilege to the same role.

google_iap_web_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebIamBinding(name: string, args: WebIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a WebIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebIamBindingState, opts?: pulumi.CustomResourceOptions): WebIamBinding

Get an existing WebIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebIamBinding

Returns true if the given object is an instance of WebIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebIamBindingCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebIamMember

class WebIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.
gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.
gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

Note: gcp.iap.WebIamPolicy cannot be used in conjunction with gcp.iap.WebIamBinding and gcp.iap.WebIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebIamBinding resources can be used in conjunction with gcp.iap.WebIamMember resources only if they do not grant privilege to the same role.

google_iap_web_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebIamMember(name: string, args: WebIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a WebIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebIamMemberState, opts?: pulumi.CustomResourceOptions): WebIamMember

Get an existing WebIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebIamMember

Returns true if the given object is an instance of WebIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebIamMemberCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebIamPolicy

class WebIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

gcp.iap.WebIamPolicy: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.
gcp.iap.WebIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.
gcp.iap.WebIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

Note: gcp.iap.WebIamPolicy cannot be used in conjunction with gcp.iap.WebIamBinding and gcp.iap.WebIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebIamBinding resources can be used in conjunction with gcp.iap.WebIamMember resources only if they do not grant privilege to the same role.

google_iap_web_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebIamPolicy(name: string, args: WebIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a WebIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebIamPolicyState, opts?: pulumi.CustomResourceOptions): WebIamPolicy

Get an existing WebIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebIamPolicy

Returns true if the given object is an instance of WebIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeAppEngingIamBinding

class WebTypeAppEngingIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

Note: gcp.iap.WebTypeAppEngingIamPolicy cannot be used in conjunction with gcp.iap.WebTypeAppEngingIamBinding and gcp.iap.WebTypeAppEngingIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeAppEngingIamBinding resources can be used in conjunction with gcp.iap.WebTypeAppEngingIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_app_engine_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_app_engine_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_app_engine_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeAppEngingIamBinding(name: string, args: WebTypeAppEngingIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeAppEngingIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeAppEngingIamBindingState, opts?: pulumi.CustomResourceOptions): WebTypeAppEngingIamBinding

Get an existing WebTypeAppEngingIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeAppEngingIamBinding

Returns true if the given object is an instance of WebTypeAppEngingIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<WebTypeAppEngingIamBindingCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.WebTypeAppEngingIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeAppEngingIamMember

class WebTypeAppEngingIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

Note: gcp.iap.WebTypeAppEngingIamPolicy cannot be used in conjunction with gcp.iap.WebTypeAppEngingIamBinding and gcp.iap.WebTypeAppEngingIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeAppEngingIamBinding resources can be used in conjunction with gcp.iap.WebTypeAppEngingIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_app_engine_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_app_engine_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_app_engine_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeAppEngingIamMember(name: string, args: WebTypeAppEngingIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeAppEngingIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeAppEngingIamMemberState, opts?: pulumi.CustomResourceOptions): WebTypeAppEngingIamMember

Get an existing WebTypeAppEngingIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeAppEngingIamMember

Returns true if the given object is an instance of WebTypeAppEngingIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

public condition: pulumi.Output<WebTypeAppEngingIamMemberCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeAppEngingIamPolicy

class WebTypeAppEngingIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

gcp.iap.WebTypeAppEngingIamPolicy: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
gcp.iap.WebTypeAppEngingIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
gcp.iap.WebTypeAppEngingIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

Note: gcp.iap.WebTypeAppEngingIamPolicy cannot be used in conjunction with gcp.iap.WebTypeAppEngingIamBinding and gcp.iap.WebTypeAppEngingIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeAppEngingIamBinding resources can be used in conjunction with gcp.iap.WebTypeAppEngingIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_app_engine_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_app_engine_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_app_engine_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeAppEngingIamMember("member", {
    project: google_app_engine_application.app.project,
    appId: google_app_engine_application.app.app_id,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeAppEngingIamPolicy(name: string, args: WebTypeAppEngingIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeAppEngingIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeAppEngingIamPolicyState, opts?: pulumi.CustomResourceOptions): WebTypeAppEngingIamPolicy

Get an existing WebTypeAppEngingIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeAppEngingIamPolicy

Returns true if the given object is an instance of WebTypeAppEngingIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appId

public appId: pulumi.Output<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeComputeIamBinding

class WebTypeComputeIamBinding extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

Note: gcp.iap.WebTypeComputeIamPolicy cannot be used in conjunction with gcp.iap.WebTypeComputeIamBinding and gcp.iap.WebTypeComputeIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeComputeIamBinding resources can be used in conjunction with gcp.iap.WebTypeComputeIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_compute_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_compute_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_compute_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeComputeIamBinding(name: string, args: WebTypeComputeIamBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeComputeIamBinding resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeComputeIamBindingState, opts?: pulumi.CustomResourceOptions): WebTypeComputeIamBinding

Get an existing WebTypeComputeIamBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeComputeIamBinding

Returns true if the given object is an instance of WebTypeComputeIamBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebTypeComputeIamBindingCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.iap.WebTypeComputeIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeComputeIamMember

class WebTypeComputeIamMember extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

Note: gcp.iap.WebTypeComputeIamPolicy cannot be used in conjunction with gcp.iap.WebTypeComputeIamBinding and gcp.iap.WebTypeComputeIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeComputeIamBinding resources can be used in conjunction with gcp.iap.WebTypeComputeIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_compute_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_compute_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_compute_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeComputeIamMember(name: string, args: WebTypeComputeIamMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeComputeIamMember resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeComputeIamMemberState, opts?: pulumi.CustomResourceOptions): WebTypeComputeIamMember

Get an existing WebTypeComputeIamMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeComputeIamMember

Returns true if the given object is an instance of WebTypeComputeIamMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<WebTypeComputeIamMemberCondition | undefined>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebTypeComputeIamPolicy

class WebTypeComputeIamPolicy extends CustomResource

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

gcp.iap.WebTypeComputeIamPolicy: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
gcp.iap.WebTypeComputeIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
gcp.iap.WebTypeComputeIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

Note: gcp.iap.WebTypeComputeIamPolicy cannot be used in conjunction with gcp.iap.WebTypeComputeIamBinding and gcp.iap.WebTypeComputeIamMember or they will fight over what your policy should be.
Note: gcp.iap.WebTypeComputeIamBinding resources can be used in conjunction with gcp.iap.WebTypeComputeIamMember resources only if they do not grant privilege to the same role.

google_iap_web_type_compute_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/iap.httpsResourceAccessor",
        members: ["user:jane@example.com"],
        condition: {
            title: "expiresAfter20191231",
            description: "Expiring at midnight of 2019-12-31",
            expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
        },
    }],
});
const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", {
    project: google_project_service.project_service.project,
    policyData: admin.then(admin => admin.policyData),
});

google_iap_web_type_compute_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.iap.WebTypeComputeIamBinding("binding", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    members: ["user:jane@example.com"],
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

google_iap_web_type_compute_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
});

With IAM Conditions:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.iap.WebTypeComputeIamMember("member", {
    project: google_project_service.project_service.project,
    role: "roles/iap.httpsResourceAccessor",
    member: "user:jane@example.com",
    condition: {
        title: "expiresAfter20191231",
        description: "Expiring at midnight of 2019-12-31",
        expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
    },
});

constructor

new WebTypeComputeIamPolicy(name: string, args: WebTypeComputeIamPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a WebTypeComputeIamPolicy resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebTypeComputeIamPolicyState, opts?: pulumi.CustomResourceOptions): WebTypeComputeIamPolicy

Get an existing WebTypeComputeIamPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebTypeComputeIamPolicy

Returns true if the given object is an instance of WebTypeComputeIamPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface AppEngineServiceIamBindingArgs

interface AppEngineServiceIamBindingArgs

The set of arguments for constructing a AppEngineServiceIamBinding resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineServiceIamBindingCondition>;

An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineServiceIamBindingState

interface AppEngineServiceIamBindingState

Input properties used for looking up and filtering AppEngineServiceIamBinding resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineServiceIamBindingCondition>;

An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineServiceIamMemberArgs

interface AppEngineServiceIamMemberArgs

The set of arguments for constructing a AppEngineServiceIamMember resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineServiceIamMemberCondition>;

An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineServiceIamMemberState

interface AppEngineServiceIamMemberState

Input properties used for looking up and filtering AppEngineServiceIamMember resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineServiceIamMemberCondition>;

An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineServiceIamPolicyArgs

interface AppEngineServiceIamPolicyArgs

The set of arguments for constructing a AppEngineServiceIamPolicy resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineServiceIamPolicyState

interface AppEngineServiceIamPolicyState

Input properties used for looking up and filtering AppEngineServiceIamPolicy resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamBindingArgs

interface AppEngineVersionIamBindingArgs

The set of arguments for constructing a AppEngineVersionIamBinding resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineVersionIamBindingCondition>;

An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamBindingState

interface AppEngineVersionIamBindingState

Input properties used for looking up and filtering AppEngineVersionIamBinding resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineVersionIamBindingCondition>;

An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId?: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamMemberArgs

interface AppEngineVersionIamMemberArgs

The set of arguments for constructing a AppEngineVersionIamMember resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineVersionIamMemberCondition>;

An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamMemberState

interface AppEngineVersionIamMemberState

Input properties used for looking up and filtering AppEngineVersionIamMember resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<AppEngineVersionIamMemberCondition>;

An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId?: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamPolicyArgs

interface AppEngineVersionIamPolicyArgs

The set of arguments for constructing a AppEngineVersionIamPolicy resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface AppEngineVersionIamPolicyState

interface AppEngineVersionIamPolicyState

Input properties used for looking up and filtering AppEngineVersionIamPolicy resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

Service id of the App Engine application Used to find the parent resource to bind the IAM policy to

property versionId

versionId?: pulumi.Input<string>;

Version id of the App Engine application Used to find the parent resource to bind the IAM policy to

interface BrandArgs

interface BrandArgs

The set of arguments for constructing a Brand resource.

property applicationTitle

applicationTitle: pulumi.Input<string>;

Application name displayed on OAuth consent screen.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property supportEmail

supportEmail: pulumi.Input<string>;

interface BrandState

interface BrandState

Input properties used for looking up and filtering Brand resources.

property applicationTitle

applicationTitle?: pulumi.Input<string>;

Application name displayed on OAuth consent screen.

property name

name?: pulumi.Input<string>;

property orgInternalOnly

orgInternalOnly?: pulumi.Input<boolean>;

Whether the brand is only intended for usage inside the GSuite organization only.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property supportEmail

supportEmail?: pulumi.Input<string>;

interface ClientArgs

interface ClientArgs

The set of arguments for constructing a Client resource.

property brand

brand: pulumi.Input<string>;

Identifier of the brand to which this client is attached to. The format is projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}.

property displayName

displayName: pulumi.Input<string>;

Human-friendly name given to the OAuth client.

interface ClientState

interface ClientState

Input properties used for looking up and filtering Client resources.

property brand

brand?: pulumi.Input<string>;

Identifier of the brand to which this client is attached to. The format is projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}.

property clientId

clientId?: pulumi.Input<string>;

Output only. Unique identifier of the OAuth client.

property displayName

displayName?: pulumi.Input<string>;

Human-friendly name given to the OAuth client.

property secret

secret?: pulumi.Input<string>;

Output only. Client secret of the OAuth client.

interface TunnelInstanceIAMBindingArgs

interface TunnelInstanceIAMBindingArgs

The set of arguments for constructing a TunnelInstanceIAMBinding resource.

property condition

condition?: pulumi.Input<TunnelInstanceIAMBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property instance

instance: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface TunnelInstanceIAMBindingState

interface TunnelInstanceIAMBindingState

Input properties used for looking up and filtering TunnelInstanceIAMBinding resources.

property condition

condition?: pulumi.Input<TunnelInstanceIAMBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property instance

instance?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface TunnelInstanceIAMMemberArgs

interface TunnelInstanceIAMMemberArgs

The set of arguments for constructing a TunnelInstanceIAMMember resource.

property condition

condition?: pulumi.Input<TunnelInstanceIAMMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property instance

instance: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface TunnelInstanceIAMMemberState

interface TunnelInstanceIAMMemberState

Input properties used for looking up and filtering TunnelInstanceIAMMember resources.

property condition

condition?: pulumi.Input<TunnelInstanceIAMMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property instance

instance?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface TunnelInstanceIAMPolicyArgs

interface TunnelInstanceIAMPolicyArgs

The set of arguments for constructing a TunnelInstanceIAMPolicy resource.

property instance

instance: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface TunnelInstanceIAMPolicyState

interface TunnelInstanceIAMPolicyState

Input properties used for looking up and filtering TunnelInstanceIAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property instance

instance?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property zone

zone?: pulumi.Input<string>;

interface WebBackendServiceIamBindingArgs

interface WebBackendServiceIamBindingArgs

The set of arguments for constructing a WebBackendServiceIamBinding resource.

property condition

condition?: pulumi.Input<WebBackendServiceIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property webBackendService

webBackendService: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebBackendServiceIamBindingState

interface WebBackendServiceIamBindingState

Input properties used for looking up and filtering WebBackendServiceIamBinding resources.

property condition

condition?: pulumi.Input<WebBackendServiceIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property webBackendService

webBackendService?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebBackendServiceIamMemberArgs

interface WebBackendServiceIamMemberArgs

The set of arguments for constructing a WebBackendServiceIamMember resource.

property condition

condition?: pulumi.Input<WebBackendServiceIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property webBackendService

webBackendService: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebBackendServiceIamMemberState

interface WebBackendServiceIamMemberState

Input properties used for looking up and filtering WebBackendServiceIamMember resources.

property condition

condition?: pulumi.Input<WebBackendServiceIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property webBackendService

webBackendService?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebBackendServiceIamPolicyArgs

interface WebBackendServiceIamPolicyArgs

The set of arguments for constructing a WebBackendServiceIamPolicy resource.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property webBackendService

webBackendService: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebBackendServiceIamPolicyState

interface WebBackendServiceIamPolicyState

Input properties used for looking up and filtering WebBackendServiceIamPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

property webBackendService

webBackendService?: pulumi.Input<string>;

Used to find the parent resource to bind the IAM policy to

interface WebIamBindingArgs

interface WebIamBindingArgs

The set of arguments for constructing a WebIamBinding resource.

property condition

condition?: pulumi.Input<WebIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface WebIamBindingState

interface WebIamBindingState

Input properties used for looking up and filtering WebIamBinding resources.

property condition

condition?: pulumi.Input<WebIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface WebIamMemberArgs

interface WebIamMemberArgs

The set of arguments for constructing a WebIamMember resource.

property condition

condition?: pulumi.Input<WebIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface WebIamMemberState

interface WebIamMemberState

Input properties used for looking up and filtering WebIamMember resources.

property condition

condition?: pulumi.Input<WebIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.iap.WebIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface WebIamPolicyArgs

interface WebIamPolicyArgs

The set of arguments for constructing a WebIamPolicy resource.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

interface WebIamPolicyState

interface WebIamPolicyState

Input properties used for looking up and filtering WebIamPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

interface WebTypeAppEngingIamBindingArgs

interface WebTypeAppEngingIamBindingArgs

The set of arguments for constructing a WebTypeAppEngingIamBinding resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<WebTypeAppEngingIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface WebTypeAppEngingIamBindingState

interface WebTypeAppEngingIamBindingState

Input properties used for looking up and filtering WebTypeAppEngingIamBinding resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<WebTypeAppEngingIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

interface WebTypeAppEngingIamMemberArgs

interface WebTypeAppEngingIamMemberArgs

The set of arguments for constructing a WebTypeAppEngingIamMember resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<WebTypeAppEngingIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface WebTypeAppEngingIamMemberState

interface WebTypeAppEngingIamMemberState

Input properties used for looking up and filtering WebTypeAppEngingIamMember resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property condition

condition?: pulumi.Input<WebTypeAppEngingIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

interface WebTypeAppEngingIamPolicyArgs

interface WebTypeAppEngingIamPolicyArgs

The set of arguments for constructing a WebTypeAppEngingIamPolicy resource.

property appId

appId: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

interface WebTypeAppEngingIamPolicyState

interface WebTypeAppEngingIamPolicyState

Input properties used for looking up and filtering WebTypeAppEngingIamPolicy resources.

property appId

appId?: pulumi.Input<string>;

Id of the App Engine application. Used to find the parent resource to bind the IAM policy to

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

interface WebTypeComputeIamBindingArgs

interface WebTypeComputeIamBindingArgs

The set of arguments for constructing a WebTypeComputeIamBinding resource.

property condition

condition?: pulumi.Input<WebTypeComputeIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface WebTypeComputeIamBindingState

interface WebTypeComputeIamBindingState

Input properties used for looking up and filtering WebTypeComputeIamBinding resources.

property condition

condition?: pulumi.Input<WebTypeComputeIamBindingCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

interface WebTypeComputeIamMemberArgs

interface WebTypeComputeIamMemberArgs

The set of arguments for constructing a WebTypeComputeIamMember resource.

property condition

condition?: pulumi.Input<WebTypeComputeIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface WebTypeComputeIamMemberState

interface WebTypeComputeIamMemberState

Input properties used for looking up and filtering WebTypeComputeIamMember resources.

property condition

condition?: pulumi.Input<WebTypeComputeIamMemberCondition>;

) An IAM Condition for a given binding. Structure is documented below.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

interface WebTypeComputeIamPolicyArgs

interface WebTypeComputeIamPolicyArgs

The set of arguments for constructing a WebTypeComputeIamPolicy resource.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

interface WebTypeComputeIamPolicyState

interface WebTypeComputeIamPolicyState

Input properties used for looking up and filtering WebTypeComputeIamPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module iap

Resources

Others

Resources

google_iap_app_engine_service_iam_policy

google_iap_app_engine_service_iam_binding

google_iap_app_engine_service_iam_member

google_iap_app_engine_service_iam_policy

google_iap_app_engine_service_iam_binding

google_iap_app_engine_service_iam_member

google_iap_app_engine_service_iam_policy

google_iap_app_engine_service_iam_binding

google_iap_app_engine_service_iam_member

google_iap_app_engine_version_iam_policy

google_iap_app_engine_version_iam_binding

google_iap_app_engine_version_iam_member

google_iap_app_engine_version_iam_policy

google_iap_app_engine_version_iam_binding

google_iap_app_engine_version_iam_member

google_iap_app_engine_version_iam_policy

google_iap_app_engine_version_iam_binding

google_iap_app_engine_version_iam_member

google_iap_tunnel_instance_iam_policy

google_iap_tunnel_instance_iam_binding

google_iap_tunnel_instance_iam_member