1. Docs
  2. Reference
  3. API
  4. @pulumi/gcp
  5. spanner

Module spanner

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

Resources

Others

Resources

Resource Database

class Database extends CustomResource

A Cloud Spanner Database which is hosted on a Spanner instance.

To get more information about Database, see:

Example Usage - Spanner Database Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const main = new gcp.spanner.Instance("main", {
    config: "regional-europe-west1",
    displayName: "main-instance",
});
const database = new gcp.spanner.Database("database", {
    instance: main.name,
    ddls: [
        "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)",
        "CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2)",
    ],
});

constructor

new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptions)

Create a Database resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseState, opts?: pulumi.CustomResourceOptions): Database

Get an existing Database resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Database

Returns true if the given object is an instance of Database. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property ddls

public ddls: pulumi.Output<string[] | undefined>;

An optional list of DDL statements to run inside the newly created database. Statements can create tables, indexes, etc. These statements execute atomically with the creation of the database: if there is an error in any statement, the database is not created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The instance to create the database on.

property name

public name: pulumi.Output<string>;

A unique identifier for the database, which cannot be changed after the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

public state: pulumi.Output<string>;

An explanation of the status of the database.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMBinding

class DatabaseIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    instance: "your-instance-name",
    database: "your-database-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new DatabaseIAMBinding(name: string, args: DatabaseIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMBindingState, opts?: pulumi.CustomResourceOptions): DatabaseIAMBinding

Get an existing DatabaseIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DatabaseIAMBinding

Returns true if the given object is an instance of DatabaseIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<DatabaseIAMBindingCondition | undefined>;

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMMember

class DatabaseIAMMember extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    instance: "your-instance-name",
    database: "your-database-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new DatabaseIAMMember(name: string, args: DatabaseIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMMemberState, opts?: pulumi.CustomResourceOptions): DatabaseIAMMember

Get an existing DatabaseIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DatabaseIAMMember

Returns true if the given object is an instance of DatabaseIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<DatabaseIAMMemberCondition | undefined>;

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMPolicy

class DatabaseIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    instance: "your-instance-name",
    database: "your-database-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new DatabaseIAMPolicy(name: string, args: DatabaseIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMPolicyState, opts?: pulumi.CustomResourceOptions): DatabaseIAMPolicy

Get an existing DatabaseIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DatabaseIAMPolicy

Returns true if the given object is an instance of DatabaseIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Instance

class Instance extends CustomResource

An isolated set of Cloud Spanner resources on which databases can be hosted.

To get more information about Instance, see:

Example Usage - Spanner Instance Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const example = new gcp.spanner.Instance("example", {
    config: "regional-us-central1",
    displayName: "Test Spanner Instance",
    labels: {
        foo: "bar",
    },
    numNodes: 2,
});

constructor

new Instance(name: string, args: InstanceArgs, opts?: pulumi.CustomResourceOptions)

Create a Instance resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceState, opts?: pulumi.CustomResourceOptions): Instance

Get an existing Instance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Instance

Returns true if the given object is an instance of Instance. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property config

public config: pulumi.Output<string>;

The name of the instance’s configuration (similar but not quite the same as a region) which defines defines the geographic placement and replication of your databases in this instance. It determines where your data is stored. Values are typically of the form regional-europe-west1 , us-central etc. In order to obtain a valid list please consult the Configuration section of the docs.

property displayName

public displayName: pulumi.Output<string>;

The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property labels

public labels: pulumi.Output<{[key: string]: string} | undefined>;

An object containing a list of “key”: value pairs. Example: { “name”: “wrench”, “mass”: “1.3kg”, “count”: “3” }.

property name

public name: pulumi.Output<string>;

A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length.

property numNodes

public numNodes: pulumi.Output<number | undefined>;

The number of nodes allocated to this instance.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

public state: pulumi.Output<string>;

Instance status: ‘CREATING’ or ‘READY’.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMBinding

class InstanceIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new InstanceIAMBinding(name: string, args: InstanceIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMBindingState, opts?: pulumi.CustomResourceOptions): InstanceIAMBinding

Get an existing InstanceIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is InstanceIAMBinding

Returns true if the given object is an instance of InstanceIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<InstanceIAMBindingCondition | undefined>;

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMMember

class InstanceIAMMember extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new InstanceIAMMember(name: string, args: InstanceIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMMemberState, opts?: pulumi.CustomResourceOptions): InstanceIAMMember

Get an existing InstanceIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is InstanceIAMMember

Returns true if the given object is an instance of InstanceIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property condition

public condition: pulumi.Output<InstanceIAMMemberCondition | undefined>;

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMPolicy

class InstanceIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    binding: [{
        role: "roles/editor",
        members: ["user:jane@example.com"],
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.then(admin => admin.policyData),
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new InstanceIAMPolicy(name: string, args: InstanceIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMPolicyState, opts?: pulumi.CustomResourceOptions): InstanceIAMPolicy

Get an existing InstanceIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is InstanceIAMPolicy

Returns true if the given object is an instance of InstanceIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface DatabaseArgs

interface DatabaseArgs

The set of arguments for constructing a Database resource.

property ddls

ddls?: pulumi.Input<pulumi.Input<string>[]>;

An optional list of DDL statements to run inside the newly created database. Statements can create tables, indexes, etc. These statements execute atomically with the creation of the database: if there is an error in any statement, the database is not created.

property instance

instance: pulumi.Input<string>;

The instance to create the database on.

property name

name?: pulumi.Input<string>;

A unique identifier for the database, which cannot be changed after the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseIAMBindingArgs

interface DatabaseIAMBindingArgs

The set of arguments for constructing a DatabaseIAMBinding resource.

property condition

condition?: pulumi.Input<DatabaseIAMBindingCondition>;

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMBindingState

interface DatabaseIAMBindingState

Input properties used for looking up and filtering DatabaseIAMBinding resources.

property condition

condition?: pulumi.Input<DatabaseIAMBindingCondition>;

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMMemberArgs

interface DatabaseIAMMemberArgs

The set of arguments for constructing a DatabaseIAMMember resource.

property condition

condition?: pulumi.Input<DatabaseIAMMemberCondition>;

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMMemberState

interface DatabaseIAMMemberState

Input properties used for looking up and filtering DatabaseIAMMember resources.

property condition

condition?: pulumi.Input<DatabaseIAMMemberCondition>;

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMPolicyArgs

interface DatabaseIAMPolicyArgs

The set of arguments for constructing a DatabaseIAMPolicy resource.

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseIAMPolicyState

interface DatabaseIAMPolicyState

Input properties used for looking up and filtering DatabaseIAMPolicy resources.

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseState

interface DatabaseState

Input properties used for looking up and filtering Database resources.

property ddls

ddls?: pulumi.Input<pulumi.Input<string>[]>;

An optional list of DDL statements to run inside the newly created database. Statements can create tables, indexes, etc. These statements execute atomically with the creation of the database: if there is an error in any statement, the database is not created.

property instance

instance?: pulumi.Input<string>;

The instance to create the database on.

property name

name?: pulumi.Input<string>;

A unique identifier for the database, which cannot be changed after the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

state?: pulumi.Input<string>;

An explanation of the status of the database.

interface InstanceArgs

interface InstanceArgs

The set of arguments for constructing a Instance resource.

property config

config: pulumi.Input<string>;

The name of the instance’s configuration (similar but not quite the same as a region) which defines defines the geographic placement and replication of your databases in this instance. It determines where your data is stored. Values are typically of the form regional-europe-west1 , us-central etc. In order to obtain a valid list please consult the Configuration section of the docs.

property displayName

displayName: pulumi.Input<string>;

The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

An object containing a list of “key”: value pairs. Example: { “name”: “wrench”, “mass”: “1.3kg”, “count”: “3” }.

property name

name?: pulumi.Input<string>;

A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length.

property numNodes

numNodes?: pulumi.Input<number>;

The number of nodes allocated to this instance.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceIAMBindingArgs

interface InstanceIAMBindingArgs

The set of arguments for constructing a InstanceIAMBinding resource.

property condition

condition?: pulumi.Input<InstanceIAMBindingCondition>;

property instance

instance: pulumi.Input<string>;

The name of the instance.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMBindingState

interface InstanceIAMBindingState

Input properties used for looking up and filtering InstanceIAMBinding resources.

property condition

condition?: pulumi.Input<InstanceIAMBindingCondition>;

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMMemberArgs

interface InstanceIAMMemberArgs

The set of arguments for constructing a InstanceIAMMember resource.

property condition

condition?: pulumi.Input<InstanceIAMMemberCondition>;

property instance

instance: pulumi.Input<string>;

The name of the instance.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMMemberState

interface InstanceIAMMemberState

Input properties used for looking up and filtering InstanceIAMMember resources.

property condition

condition?: pulumi.Input<InstanceIAMMemberCondition>;

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMPolicyArgs

interface InstanceIAMPolicyArgs

The set of arguments for constructing a InstanceIAMPolicy resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceIAMPolicyState

interface InstanceIAMPolicyState

Input properties used for looking up and filtering InstanceIAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceState

interface InstanceState

Input properties used for looking up and filtering Instance resources.

property config

config?: pulumi.Input<string>;

The name of the instance’s configuration (similar but not quite the same as a region) which defines defines the geographic placement and replication of your databases in this instance. It determines where your data is stored. Values are typically of the form regional-europe-west1 , us-central etc. In order to obtain a valid list please consult the Configuration section of the docs.

property displayName

displayName?: pulumi.Input<string>;

The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

An object containing a list of “key”: value pairs. Example: { “name”: “wrench”, “mass”: “1.3kg”, “count”: “3” }.

property name

name?: pulumi.Input<string>;

A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length.

property numNodes

numNodes?: pulumi.Input<number>;

The number of nodes allocated to this instance.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

state?: pulumi.Input<string>;

Instance status: ‘CREATING’ or ‘READY’.