com.pulumi.gcp.accesscontextmanager.kotlin.GcpUserAccessBinding.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.accesscontextmanager.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [GcpUserAccessBinding].
*/
@PulumiTagMarker
public class GcpUserAccessBindingResourceBuilder internal constructor() {
public var name: String? = null
public var args: GcpUserAccessBindingArgs = GcpUserAccessBindingArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend GcpUserAccessBindingArgsBuilder.() -> Unit) {
val builder = GcpUserAccessBindingArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): GcpUserAccessBinding {
val builtJavaResource =
com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return GcpUserAccessBinding(builtJavaResource)
}
}
/**
* Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
* To get more information about GcpUserAccessBinding, see:
* * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/organizations.gcpUserAccessBindings)
* ## Example Usage
* ### Access Context Manager Gcp User Access Binding Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const group = new gcp.cloudidentity.Group("group", {
* displayName: "my-identity-group",
* parent: "customers/A01b123xz",
* groupKey: {
* id: "[email protected]",
* },
* labels: {
* "cloudidentity.googleapis.com/groups.discussion_forum": "",
* },
* });
* const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
* parent: "organizations/123456789",
* title: "my policy",
* });
* const accessLevelIdForUserAccessBinding = new gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding", {
* parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
* name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
* title: "chromeos_no_lock",
* basic: {
* conditions: [{
* devicePolicy: {
* requireScreenLock: true,
* osConstraints: [{
* osType: "DESKTOP_CHROME_OS",
* }],
* },
* regions: ["US"],
* }],
* },
* });
* const gcpUserAccessBinding = new gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding", {
* organizationId: "123456789",
* groupKey: std.trimprefixOutput({
* input: group.id,
* prefix: "groups/",
* }).apply(invoke => invoke.result),
* accessLevels: accessLevelIdForUserAccessBinding.name,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* group = gcp.cloudidentity.Group("group",
* display_name="my-identity-group",
* parent="customers/A01b123xz",
* group_key=gcp.cloudidentity.GroupGroupKeyArgs(
* id="[email protected]",
* ),
* labels={
* "cloudidentity.googleapis.com/groups.discussion_forum": "",
* })
* access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
* parent="organizations/123456789",
* title="my policy")
* access_level_id_for_user_access_binding = gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding",
* parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
* name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
* title="chromeos_no_lock",
* basic=gcp.accesscontextmanager.AccessLevelBasicArgs(
* conditions=[gcp.accesscontextmanager.AccessLevelBasicConditionArgs(
* device_policy=gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs(
* require_screen_lock=True,
* os_constraints=[gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs(
* os_type="DESKTOP_CHROME_OS",
* )],
* ),
* regions=["US"],
* )],
* ))
* gcp_user_access_binding = gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding",
* organization_id="123456789",
* group_key=std.trimprefix_output(input=group.id,
* prefix="groups/").apply(lambda invoke: invoke.result),
* access_levels=access_level_id_for_user_access_binding.name)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @group = new Gcp.CloudIdentity.Group("group", new()
* {
* DisplayName = "my-identity-group",
* Parent = "customers/A01b123xz",
* GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs
* {
* Id = "[email protected]",
* },
* Labels =
* {
* { "cloudidentity.googleapis.com/groups.discussion_forum", "" },
* },
* });
* var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
* {
* Parent = "organizations/123456789",
* Title = "my policy",
* });
* var accessLevelIdForUserAccessBinding = new Gcp.AccessContextManager.AccessLevel("access_level_id_for_user_access_binding", new()
* {
* Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
* Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
* Title = "chromeos_no_lock",
* Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
* {
* Conditions = new[]
* {
* new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
* {
* DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
* {
* RequireScreenLock = true,
* OsConstraints = new[]
* {
* new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
* {
* OsType = "DESKTOP_CHROME_OS",
* },
* },
* },
* Regions = new[]
* {
* "US",
* },
* },
* },
* },
* });
* var gcpUserAccessBinding = new Gcp.AccessContextManager.GcpUserAccessBinding("gcp_user_access_binding", new()
* {
* OrganizationId = "123456789",
* GroupKey = Std.Trimprefix.Invoke(new()
* {
* Input = @group.Id,
* Prefix = "groups/",
* }).Apply(invoke => invoke.Result),
* AccessLevels = accessLevelIdForUserAccessBinding.Name,
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudidentity"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* group, err := cloudidentity.NewGroup(ctx, "group", &cloudidentity.GroupArgs{
* DisplayName: pulumi.String("my-identity-group"),
* Parent: pulumi.String("customers/A01b123xz"),
* GroupKey: &cloudidentity.GroupGroupKeyArgs{
* Id: pulumi.String("[email protected]"),
* },
* Labels: pulumi.StringMap{
* "cloudidentity.googleapis.com/groups.discussion_forum": pulumi.String(""),
* },
* })
* if err != nil {
* return err
* }
* _, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
* Parent: pulumi.String("organizations/123456789"),
* Title: pulumi.String("my policy"),
* })
* if err != nil {
* return err
* }
* accessLevelIdForUserAccessBinding, err := accesscontextmanager.NewAccessLevel(ctx, "access_level_id_for_user_access_binding", &accesscontextmanager.AccessLevelArgs{
* Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("accessPolicies/%v", name), nil
* }).(pulumi.StringOutput),
* Name: access_policy.Name.ApplyT(func(name string) (string, error) {
* return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
* }).(pulumi.StringOutput),
* Title: pulumi.String("chromeos_no_lock"),
* Basic: &accesscontextmanager.AccessLevelBasicArgs{
* Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
* &accesscontextmanager.AccessLevelBasicConditionArgs{
* DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
* RequireScreenLock: pulumi.Bool(true),
* OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
* &accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
* OsType: pulumi.String("DESKTOP_CHROME_OS"),
* },
* },
* },
* Regions: pulumi.StringArray{
* pulumi.String("US"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* _, err = accesscontextmanager.NewGcpUserAccessBinding(ctx, "gcp_user_access_binding", &accesscontextmanager.GcpUserAccessBindingArgs{
* OrganizationId: pulumi.String("123456789"),
* GroupKey: std.TrimprefixOutput(ctx, std.TrimprefixOutputArgs{
* Input: group.ID(),
* Prefix: pulumi.String("groups/"),
* }, nil).ApplyT(func(invoke std.TrimprefixResult) (*string, error) {
* return invoke.Result, nil
* }).(pulumi.StringPtrOutput),
* AccessLevels: accessLevelIdForUserAccessBinding.Name,
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.cloudidentity.Group;
* import com.pulumi.gcp.cloudidentity.GroupArgs;
* import com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;
* import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
* import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
* import com.pulumi.gcp.accesscontextmanager.AccessLevel;
* import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
* import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
* import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding;
* import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var group = new Group("group", GroupArgs.builder()
* .displayName("my-identity-group")
* .parent("customers/A01b123xz")
* .groupKey(GroupGroupKeyArgs.builder()
* .id("[email protected]")
* .build())
* .labels(Map.of("cloudidentity.googleapis.com/groups.discussion_forum", ""))
* .build());
* var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
* .parent("organizations/123456789")
* .title("my policy")
* .build());
* var accessLevelIdForUserAccessBinding = new AccessLevel("accessLevelIdForUserAccessBinding", AccessLevelArgs.builder()
* .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
* .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
* .title("chromeos_no_lock")
* .basic(AccessLevelBasicArgs.builder()
* .conditions(AccessLevelBasicConditionArgs.builder()
* .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
* .requireScreenLock(true)
* .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
* .osType("DESKTOP_CHROME_OS")
* .build())
* .build())
* .regions("US")
* .build())
* .build())
* .build());
* var gcpUserAccessBinding = new GcpUserAccessBinding("gcpUserAccessBinding", GcpUserAccessBindingArgs.builder()
* .organizationId("123456789")
* .groupKey(StdFunctions.trimprefix().applyValue(invoke -> invoke.result()))
* .accessLevels(accessLevelIdForUserAccessBinding.name())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* group:
* type: gcp:cloudidentity:Group
* properties:
* displayName: my-identity-group
* parent: customers/A01b123xz
* groupKey:
* id: [email protected]
* labels:
* cloudidentity.googleapis.com/groups.discussion_forum:
* accessLevelIdForUserAccessBinding:
* type: gcp:accesscontextmanager:AccessLevel
* name: access_level_id_for_user_access_binding
* properties:
* parent: accessPolicies/${["access-policy"].name}
* name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
* title: chromeos_no_lock
* basic:
* conditions:
* - devicePolicy:
* requireScreenLock: true
* osConstraints:
* - osType: DESKTOP_CHROME_OS
* regions:
* - US
* access-policy:
* type: gcp:accesscontextmanager:AccessPolicy
* properties:
* parent: organizations/123456789
* title: my policy
* gcpUserAccessBinding:
* type: gcp:accesscontextmanager:GcpUserAccessBinding
* name: gcp_user_access_binding
* properties:
* organizationId: '123456789'
* groupKey:
* fn::invoke:
* Function: std:trimprefix
* Arguments:
* input: ${group.id}
* prefix: groups/
* Return: result
* accessLevels: ${accessLevelIdForUserAccessBinding.name}
* ```
*
* ## Import
* GcpUserAccessBinding can be imported using any of these accepted formats:
* * `{{name}}`
* When using the `pulumi import` command, GcpUserAccessBinding can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding default {{name}}
* ```
*/
public class GcpUserAccessBinding internal constructor(
override val javaResource: com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding,
) : KotlinCustomResource(javaResource, GcpUserAccessBindingMapper) {
/**
* Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
*/
public val accessLevels: Output
get() = javaResource.accessLevels().applyValue({ args0 -> args0 })
/**
* Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
*/
public val groupKey: Output
get() = javaResource.groupKey().applyValue({ args0 -> args0 })
/**
* Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* Required. ID of the parent organization.
* - - -
*/
public val organizationId: Output
get() = javaResource.organizationId().applyValue({ args0 -> args0 })
}
public object GcpUserAccessBindingMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding::class == javaResource::class
override fun map(javaResource: Resource): GcpUserAccessBinding = GcpUserAccessBinding(
javaResource
as com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding,
)
}
/**
* @see [GcpUserAccessBinding].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [GcpUserAccessBinding].
*/
public suspend fun gcpUserAccessBinding(
name: String,
block: suspend GcpUserAccessBindingResourceBuilder.() -> Unit,
): GcpUserAccessBinding {
val builder = GcpUserAccessBindingResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [GcpUserAccessBinding].
* @param name The _unique_ name of the resulting resource.
*/
public fun gcpUserAccessBinding(name: String): GcpUserAccessBinding {
val builder = GcpUserAccessBindingResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy