All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.accesscontextmanager.kotlin.AccessPolicyIamBindingArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.accesscontextmanager.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs.builder
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessPolicyIamBindingConditionArgs
import com.pulumi.gcp.accesscontextmanager.kotlin.inputs.AccessPolicyIamBindingConditionArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
 * * `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
 * * `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
 * * `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
 * A data source can be used to retrieve policy data in advent you do not need creation
 * * `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
 * > **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
 * > **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
 * ## gcp.accesscontextmanager.AccessPolicyIamPolicy
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/accesscontextmanager.policyAdmin",
 *         members: ["user:jane@example.com"],
 *     }],
 * });
 * const policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", {
 *     name: access_policy.name,
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/accesscontextmanager.policyAdmin",
 *     members=["user:jane@example.com"],
 * )])
 * policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy",
 *     name=access_policy["name"],
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/accesscontextmanager.policyAdmin",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 *     var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy("policy", new()
 *     {
 *         Name = access_policy.Name,
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/accesscontextmanager.policyAdmin",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, "policy", &accesscontextmanager.AccessPolicyIamPolicyArgs{
 * 			Name:       pulumi.Any(access_policy.Name),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/accesscontextmanager.policyAdmin")
 *                 .members("user:[email protected]")
 *                 .build())
 *             .build());
 *         var policy = new AccessPolicyIamPolicy("policy", AccessPolicyIamPolicyArgs.builder()
 *             .name(access_policy.name())
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:accesscontextmanager:AccessPolicyIamPolicy
 *     properties:
 *       name: ${["access-policy"].name}
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/accesscontextmanager.policyAdmin
 *             members:
 *               - user:[email protected]
 * ```
 * 
 * ## gcp.accesscontextmanager.AccessPolicyIamBinding
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const binding = new gcp.accesscontextmanager.AccessPolicyIamBinding("binding", {
 *     name: access_policy.name,
 *     role: "roles/accesscontextmanager.policyAdmin",
 *     members: ["user:jane@example.com"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding",
 *     name=access_policy["name"],
 *     role="roles/accesscontextmanager.policyAdmin",
 *     members=["user:jane@example.com"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding("binding", new()
 *     {
 *         Name = access_policy.Name,
 *         Role = "roles/accesscontextmanager.policyAdmin",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, "binding", &accesscontextmanager.AccessPolicyIamBindingArgs{
 * 			Name: pulumi.Any(access_policy.Name),
 * 			Role: pulumi.String("roles/accesscontextmanager.policyAdmin"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var binding = new AccessPolicyIamBinding("binding", AccessPolicyIamBindingArgs.builder()
 *             .name(access_policy.name())
 *             .role("roles/accesscontextmanager.policyAdmin")
 *             .members("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   binding:
 *     type: gcp:accesscontextmanager:AccessPolicyIamBinding
 *     properties:
 *       name: ${["access-policy"].name}
 *       role: roles/accesscontextmanager.policyAdmin
 *       members:
 *         - user:[email protected]
 * ```
 * 
 * ## gcp.accesscontextmanager.AccessPolicyIamMember
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const member = new gcp.accesscontextmanager.AccessPolicyIamMember("member", {
 *     name: access_policy.name,
 *     role: "roles/accesscontextmanager.policyAdmin",
 *     member: "user:[email protected]",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * member = gcp.accesscontextmanager.AccessPolicyIamMember("member",
 *     name=access_policy["name"],
 *     role="roles/accesscontextmanager.policyAdmin",
 *     member="user:[email protected]")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var member = new Gcp.AccessContextManager.AccessPolicyIamMember("member", new()
 *     {
 *         Name = access_policy.Name,
 *         Role = "roles/accesscontextmanager.policyAdmin",
 *         Member = "user:[email protected]",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, "member", &accesscontextmanager.AccessPolicyIamMemberArgs{
 * 			Name:   pulumi.Any(access_policy.Name),
 * 			Role:   pulumi.String("roles/accesscontextmanager.policyAdmin"),
 * 			Member: pulumi.String("user:[email protected]"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var member = new AccessPolicyIamMember("member", AccessPolicyIamMemberArgs.builder()
 *             .name(access_policy.name())
 *             .role("roles/accesscontextmanager.policyAdmin")
 *             .member("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   member:
 *     type: gcp:accesscontextmanager:AccessPolicyIamMember
 *     properties:
 *       name: ${["access-policy"].name}
 *       role: roles/accesscontextmanager.policyAdmin
 *       member: user:[email protected]
 * ```
 * 
 * ## gcp.accesscontextmanager.AccessPolicyIamPolicy
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/accesscontextmanager.policyAdmin",
 *         members: ["user:jane@example.com"],
 *     }],
 * });
 * const policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", {
 *     name: access_policy.name,
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/accesscontextmanager.policyAdmin",
 *     members=["user:jane@example.com"],
 * )])
 * policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy",
 *     name=access_policy["name"],
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/accesscontextmanager.policyAdmin",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 *     var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy("policy", new()
 *     {
 *         Name = access_policy.Name,
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/accesscontextmanager.policyAdmin",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, "policy", &accesscontextmanager.AccessPolicyIamPolicyArgs{
 * 			Name:       pulumi.Any(access_policy.Name),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/accesscontextmanager.policyAdmin")
 *                 .members("user:[email protected]")
 *                 .build())
 *             .build());
 *         var policy = new AccessPolicyIamPolicy("policy", AccessPolicyIamPolicyArgs.builder()
 *             .name(access_policy.name())
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   policy:
 *     type: gcp:accesscontextmanager:AccessPolicyIamPolicy
 *     properties:
 *       name: ${["access-policy"].name}
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/accesscontextmanager.policyAdmin
 *             members:
 *               - user:[email protected]
 * ```
 * 
 * ## gcp.accesscontextmanager.AccessPolicyIamBinding
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const binding = new gcp.accesscontextmanager.AccessPolicyIamBinding("binding", {
 *     name: access_policy.name,
 *     role: "roles/accesscontextmanager.policyAdmin",
 *     members: ["user:jane@example.com"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding",
 *     name=access_policy["name"],
 *     role="roles/accesscontextmanager.policyAdmin",
 *     members=["user:jane@example.com"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding("binding", new()
 *     {
 *         Name = access_policy.Name,
 *         Role = "roles/accesscontextmanager.policyAdmin",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, "binding", &accesscontextmanager.AccessPolicyIamBindingArgs{
 * 			Name: pulumi.Any(access_policy.Name),
 * 			Role: pulumi.String("roles/accesscontextmanager.policyAdmin"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var binding = new AccessPolicyIamBinding("binding", AccessPolicyIamBindingArgs.builder()
 *             .name(access_policy.name())
 *             .role("roles/accesscontextmanager.policyAdmin")
 *             .members("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   binding:
 *     type: gcp:accesscontextmanager:AccessPolicyIamBinding
 *     properties:
 *       name: ${["access-policy"].name}
 *       role: roles/accesscontextmanager.policyAdmin
 *       members:
 *         - user:[email protected]
 * ```
 * 
 * ## gcp.accesscontextmanager.AccessPolicyIamMember
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const member = new gcp.accesscontextmanager.AccessPolicyIamMember("member", {
 *     name: access_policy.name,
 *     role: "roles/accesscontextmanager.policyAdmin",
 *     member: "user:[email protected]",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * member = gcp.accesscontextmanager.AccessPolicyIamMember("member",
 *     name=access_policy["name"],
 *     role="roles/accesscontextmanager.policyAdmin",
 *     member="user:[email protected]")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var member = new Gcp.AccessContextManager.AccessPolicyIamMember("member", new()
 *     {
 *         Name = access_policy.Name,
 *         Role = "roles/accesscontextmanager.policyAdmin",
 *         Member = "user:[email protected]",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, "member", &accesscontextmanager.AccessPolicyIamMemberArgs{
 * 			Name:   pulumi.Any(access_policy.Name),
 * 			Role:   pulumi.String("roles/accesscontextmanager.policyAdmin"),
 * 			Member: pulumi.String("user:[email protected]"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;
 * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var member = new AccessPolicyIamMember("member", AccessPolicyIamMemberArgs.builder()
 *             .name(access_policy.name())
 *             .role("roles/accesscontextmanager.policyAdmin")
 *             .member("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   member:
 *     type: gcp:accesscontextmanager:AccessPolicyIamMember
 *     properties:
 *       name: ${["access-policy"].name}
 *       role: roles/accesscontextmanager.policyAdmin
 *       member: user:[email protected]
 * ```
 * 
 * ## Import
 * For all import syntaxes, the "resource in question" can take any of the following forms:
 * * accessPolicies/{{name}}
 * * {{name}}
 * Any variables not passed in the import command will be taken from the provider configuration.
 * Access Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.
 * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
 * ```sh
 * $ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor "accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:[email protected]"
 * ```
 * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
 * ```sh
 * $ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor "accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin"
 * ```
 * IAM policy imports use the identifier of the resource in question, e.g.
 * ```sh
 * $ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor accessPolicies/{{access_policy}}
 * ```
 * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
 *  full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
 * @property condition
 * @property members Identities that will be granted the privilege in `role`.
 * Each entry can have one of the following values:
 * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
 * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
 * * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
 * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
 * * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
 * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
 * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
 * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
 * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
 * @property name Used to find the parent resource to bind the IAM policy to
 * @property role The role that should be applied. Only one
 * `gcp.accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format
 * `[projects|organizations]/{parent-name}/roles/{role-name}`.
 */
public data class AccessPolicyIamBindingArgs(
    public val condition: Output? = null,
    public val members: Output>? = null,
    public val name: Output? = null,
    public val role: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs =
        com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs.builder()
            .condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .members(members?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .name(name?.applyValue({ args0 -> args0 }))
            .role(role?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [AccessPolicyIamBindingArgs].
 */
@PulumiTagMarker
public class AccessPolicyIamBindingArgsBuilder internal constructor() {
    private var condition: Output? = null

    private var members: Output>? = null

    private var name: Output? = null

    private var role: Output? = null

    /**
     * @param value
     */
    @JvmName("ggawfqovjdwgmpwx")
    public suspend fun condition(`value`: Output) {
        this.condition = value
    }

    /**
     * @param value Identities that will be granted the privilege in `role`.
     * Each entry can have one of the following values:
     * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
     * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
     * * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
     * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
     * * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
     * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
     * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
     * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
     * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
     */
    @JvmName("nsrdmbejmtcudnbq")
    public suspend fun members(`value`: Output>) {
        this.members = value
    }

    @JvmName("jxqujkklbntbspqa")
    public suspend fun members(vararg values: Output) {
        this.members = Output.all(values.asList())
    }

    /**
     * @param values Identities that will be granted the privilege in `role`.
     * Each entry can have one of the following values:
     * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
     * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
     * * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
     * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
     * * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
     * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
     * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
     * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
     * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
     */
    @JvmName("syjnhlaefkfsnehv")
    public suspend fun members(values: List>) {
        this.members = Output.all(values)
    }

    /**
     * @param value Used to find the parent resource to bind the IAM policy to
     */
    @JvmName("wglruwjmivoditcu")
    public suspend fun name(`value`: Output) {
        this.name = value
    }

    /**
     * @param value The role that should be applied. Only one
     * `gcp.accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format
     * `[projects|organizations]/{parent-name}/roles/{role-name}`.
     */
    @JvmName("akrajpbuhqbrlaly")
    public suspend fun role(`value`: Output) {
        this.role = value
    }

    /**
     * @param value
     */
    @JvmName("alpgtgucbknxtsiw")
    public suspend fun condition(`value`: AccessPolicyIamBindingConditionArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.condition = mapped
    }

    /**
     * @param argument
     */
    @JvmName("srthevgkydmhpwkx")
    public suspend fun condition(argument: suspend AccessPolicyIamBindingConditionArgsBuilder.() -> Unit) {
        val toBeMapped = AccessPolicyIamBindingConditionArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.condition = mapped
    }

    /**
     * @param value Identities that will be granted the privilege in `role`.
     * Each entry can have one of the following values:
     * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
     * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
     * * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
     * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
     * * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
     * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
     * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
     * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
     * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
     */
    @JvmName("mhbivebwjhiwwqvd")
    public suspend fun members(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.members = mapped
    }

    /**
     * @param values Identities that will be granted the privilege in `role`.
     * Each entry can have one of the following values:
     * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
     * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
     * * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
     * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
     * * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
     * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
     * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
     * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
     * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
     */
    @JvmName("hpnorajpkdynfdgq")
    public suspend fun members(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.members = mapped
    }

    /**
     * @param value Used to find the parent resource to bind the IAM policy to
     */
    @JvmName("oqqamjfwifelkwyn")
    public suspend fun name(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.name = mapped
    }

    /**
     * @param value The role that should be applied. Only one
     * `gcp.accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format
     * `[projects|organizations]/{parent-name}/roles/{role-name}`.
     */
    @JvmName("oebpupcfwfjuedwi")
    public suspend fun role(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.role = mapped
    }

    internal fun build(): AccessPolicyIamBindingArgs = AccessPolicyIamBindingArgs(
        condition = condition,
        members = members,
        name = name,
        role = role,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy