This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

folder¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.folder.AwaitableGetOrganizationPolicyResult(boolean_policies=None, constraint=None, etag=None, folder=None, id=None, list_policies=None, restore_policies=None, update_time=None, version=None)¶

class pulumi_gcp.folder.GetOrganizationPolicyResult(boolean_policies=None, constraint=None, etag=None, folder=None, id=None, list_policies=None, restore_policies=None, update_time=None, version=None)¶

A collection of values returned by getOrganizationPolicy.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_gcp.folder.IAMBinding(resource_name, opts=None, condition=None, folder=None, members=None, role=None, __props__=None, __name__=None, __opts__=None)¶

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform folder.

Note: This resource must not be used in conjunction with
folder.IAMPolicy or they will fight over what your policy should be.
Note: On create, this resource will overwrite members of any existing roles.
Use pulumi import and inspect the output to ensure your existing members are preserved.

import pulumi
import pulumi_gcp as gcp

department1 = gcp.organizations.Folder("department1",
    display_name="Department 1",
    parent="organizations/1234567")
admin = gcp.folder.IAMBinding("admin",
    folder=department1.name,
    role="roles/editor",
    members=["user:alice@gmail.com"])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
members (pulumi.Input[list]) – An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

* **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

Parameters: role (pulumi.Input[str]) – The role that should be applied. Only one folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

description (pulumi.Input[str])
expression (pulumi.Input[str])
title (pulumi.Input[str])

etag: pulumi.Output[str] = None¶: (Computed) The etag of the folder’s IAM policy.

folder: pulumi.Output[str] = None¶: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

members: pulumi.Output[list] = None¶

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

user:{emailid}: An email address that is associated with a specific Google account. For example, alice@gmail.com.
serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

role: pulumi.Output[str] = None¶: The role that should be applied. Only one folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, etag=None, folder=None, members=None, role=None)¶

Get an existing IAMBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
etag (pulumi.Input[str]) – (Computed) The etag of the folder’s IAM policy.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
members (pulumi.Input[list]) – An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

* **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

Parameters: role (pulumi.Input[str]) – The role that should be applied. Only one folder.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

description (pulumi.Input[str])
expression (pulumi.Input[str])
title (pulumi.Input[str])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.folder.IAMMember(resource_name, opts=None, condition=None, folder=None, member=None, role=None, __props__=None, __name__=None, __opts__=None)¶

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform folder.

Note: This resource must not be used in conjunction with
folder.IAMPolicy or they will fight over what your policy should be. Similarly, roles controlled by folder.IAMBinding should not be assigned to using folder.IAMMember.

import pulumi
import pulumi_gcp as gcp

department1 = gcp.organizations.Folder("department1",
    display_name="Department 1",
    parent="organizations/1234567")
admin = gcp.folder.IAMMember("admin",
    folder=department1.name,
    role="roles/editor",
    member="user:alice@gmail.com")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
member (pulumi.Input[str]) – The identity that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding This field can have one of the following values:

* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

Parameters: role (pulumi.Input[str]) – The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

description (pulumi.Input[str])
expression (pulumi.Input[str])
title (pulumi.Input[str])

etag: pulumi.Output[str] = None¶: (Computed) The etag of the folder’s IAM policy.

folder: pulumi.Output[str] = None¶: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

member: pulumi.Output[str] = None¶

The identity that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding This field can have one of the following values:

user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

role: pulumi.Output[str] = None¶: The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, etag=None, folder=None, member=None, role=None)¶

Get an existing IAMMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
etag (pulumi.Input[str]) – (Computed) The etag of the folder’s IAM policy.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
member (pulumi.Input[str]) – The identity that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding This field can have one of the following values:

* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

Parameters: role (pulumi.Input[str]) – The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

description (pulumi.Input[str])
expression (pulumi.Input[str])
title (pulumi.Input[str])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.folder.IAMPolicy(resource_name, opts=None, folder=None, policy_data=None, __props__=None, __name__=None, __opts__=None)¶

Allows creation and management of the IAM policy for an existing Google Cloud Platform folder.

import pulumi
import pulumi_gcp as gcp

department1 = gcp.organizations.Folder("department1",
    display_name="Department 1",
    parent="organizations/1234567")
admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/editor",
    "members": ["user:jane@example.com"],
}])
folder_admin_policy = gcp.folder.IAMPolicy("folderAdminPolicy",
    folder=department1.name,
    policy_data=admin.policy_data)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
policy_data (pulumi.Input[str]) – The organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

etag: pulumi.Output[str] = None¶: (Computed) The etag of the folder’s IAM policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

folder: pulumi.Output[str] = None¶: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

policy_data: pulumi.Output[str] = None¶: The organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

static get(resource_name, id, opts=None, etag=None, folder=None, policy_data=None)¶

Get an existing IAMPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
etag (pulumi.Input[str]) – (Computed) The etag of the folder’s IAM policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
folder (pulumi.Input[str]) – The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
policy_data (pulumi.Input[str]) – The organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the folder. This policy overrides any existing policy applied to the folder.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.folder.OrganizationPolicy(resource_name, opts=None, boolean_policy=None, constraint=None, folder=None, list_policy=None, restore_policy=None, version=None, __props__=None, __name__=None, __opts__=None)¶

Allows management of Organization policies for a Google Folder. For more information see the official documentation and API.

import pulumi
import pulumi_gcp as gcp

serial_port_policy = gcp.folder.OrganizationPolicy("serialPortPolicy",
    boolean_policy={
        "enforced": True,
    },
    constraint="compute.disableSerialPortAccess",
    folder="folders/123456789")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
boolean_policy (pulumi.Input[dict]) – A boolean policy is a constraint that is either enforced or not. Structure is documented below.
constraint (pulumi.Input[str]) – The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.
folder (pulumi.Input[str]) – The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
list_policy (pulumi.Input[dict]) – A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
restore_policy (pulumi.Input[dict]) – A restore policy is a constraint to restore the default policy. Structure is documented below.
version (pulumi.Input[float]) – Version of the Policy. Default version is 0.

The boolean_policy object supports the following:

enforced (pulumi.Input[bool]) - If true, then the Policy is enforced. If false, then any configuration is acceptable.

The list_policy object supports the following:

allow (pulumi.Input[dict]) - or deny - (Optional) One or the other must be set.
- all (pulumi.Input[bool]) - The policy allows or denies all values.
- values (pulumi.Input[list]) - The policy can define specific values that are allowed or denied.
deny (pulumi.Input[dict])
- all (pulumi.Input[bool]) - The policy allows or denies all values.
- values (pulumi.Input[list]) - The policy can define specific values that are allowed or denied.
inheritFromParent (pulumi.Input[bool]) - If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
suggestedValue (pulumi.Input[str]) - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

The restore_policy object supports the following:

default (pulumi.Input[bool]) - May only be set to true. If set, then the default Policy is restored.

boolean_policy: pulumi.Output[dict] = None¶

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

enforced (bool) - If true, then the Policy is enforced. If false, then any configuration is acceptable.

constraint: pulumi.Output[str] = None¶: The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

etag: pulumi.Output[str] = None¶: (Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

folder: pulumi.Output[str] = None¶: The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

list_policy: pulumi.Output[dict] = None¶

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

allow (dict) - or deny - (Optional) One or the other must be set.
- all (bool) - The policy allows or denies all values.
- values (list) - The policy can define specific values that are allowed or denied.
deny (dict)
- all (bool) - The policy allows or denies all values.
- values (list) - The policy can define specific values that are allowed or denied.
inheritFromParent (bool) - If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
suggestedValue (str) - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

restore_policy: pulumi.Output[dict] = None¶

A restore policy is a constraint to restore the default policy. Structure is documented below.

default (bool) - May only be set to true. If set, then the default Policy is restored.

update_time: pulumi.Output[str] = None¶: (Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

version: pulumi.Output[float] = None¶: Version of the Policy. Default version is 0.

static get(resource_name, id, opts=None, boolean_policy=None, constraint=None, etag=None, folder=None, list_policy=None, restore_policy=None, update_time=None, version=None)¶

Get an existing OrganizationPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
boolean_policy (pulumi.Input[dict]) – A boolean policy is a constraint that is either enforced or not. Structure is documented below.
constraint (pulumi.Input[str]) –
The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.
etag (pulumi.Input[str]) – (Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
folder (pulumi.Input[str]) – The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
list_policy (pulumi.Input[dict]) – A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
restore_policy (pulumi.Input[dict]) – A restore policy is a constraint to restore the default policy. Structure is documented below.
update_time (pulumi.Input[str]) – (Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.
version (pulumi.Input[float]) – Version of the Policy. Default version is 0.

The boolean_policy object supports the following:

enforced (pulumi.Input[bool]) - If true, then the Policy is enforced. If false, then any configuration is acceptable.

The list_policy object supports the following:

allow (pulumi.Input[dict]) - or deny - (Optional) One or the other must be set.
- all (pulumi.Input[bool]) - The policy allows or denies all values.
- values (pulumi.Input[list]) - The policy can define specific values that are allowed or denied.
deny (pulumi.Input[dict])
- all (pulumi.Input[bool]) - The policy allows or denies all values.
- values (pulumi.Input[list]) - The policy can define specific values that are allowed or denied.
inheritFromParent (pulumi.Input[bool]) - If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
suggestedValue (pulumi.Input[str]) - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

The restore_policy object supports the following:

default (pulumi.Input[bool]) - May only be set to true. If set, then the default Policy is restored.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_gcp.folder.get_organization_policy(constraint=None, folder=None, opts=None)¶

Allows management of Organization policies for a Google Folder. For more information see the official documentation

import pulumi
import pulumi_gcp as gcp

policy = gcp.folder.get_organization_policy(folder="folders/folderid",
    constraint="constraints/compute.trustedImageProjects")
pulumi.export("version", policy.version)

Parameters

constraint (str) –
(Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.
folder (str) – The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

folder¶

On This Page