All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.projects.kotlin.IAMAuditConfigArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.projects.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.projects.IAMAuditConfigArgs.builder
import com.pulumi.gcp.projects.kotlin.inputs.IAMAuditConfigAuditLogConfigArgs
import com.pulumi.gcp.projects.kotlin.inputs.IAMAuditConfigAuditLogConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:
 * * `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
 * * `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
 * * `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.
 * * `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.
 * > **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.
 * > **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.
 * > **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints,
 *    IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.
 * ## gcp.projects.IAMPolicy
 * !> **Be careful!** You can accidentally lock yourself out of your project
 *    using this resource. Deleting a `gcp.projects.IAMPolicy` removes access
 *    from anyone without organization-level access to the project. Proceed with caution.
 *    It's not recommended to use `gcp.projects.IAMPolicy` with your provider project
 *    to avoid locking yourself out, and it should generally only be used with projects
 *    fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
 *    applying the change.
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/editor",
 *         members: ["user:jane@example.com"],
 *     }],
 * });
 * const project = new gcp.projects.IAMPolicy("project", {
 *     project: "your-project-id",
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/editor",
 *     members=["user:jane@example.com"],
 * )])
 * project = gcp.projects.IAMPolicy("project",
 *     project="your-project-id",
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/editor",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 *     var project = new Gcp.Projects.IAMPolicy("project", new()
 *     {
 *         Project = "your-project-id",
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/editor",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
 * 			Project:    pulumi.String("your-project-id"),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.projects.IAMPolicy;
 * import com.pulumi.gcp.projects.IAMPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/editor")
 *                 .members("user:[email protected]")
 *                 .build())
 *             .build());
 *         var project = new IAMPolicy("project", IAMPolicyArgs.builder()
 *             .project("your-project-id")
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMPolicy
 *     properties:
 *       project: your-project-id
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/editor
 *             members:
 *               - user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/compute.admin",
 *         members: ["user:jane@example.com"],
 *         condition: {
 *             title: "expires_after_2019_12_31",
 *             description: "Expiring at midnight of 2019-12-31",
 *             expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     }],
 * });
 * const project = new gcp.projects.IAMPolicy("project", {
 *     project: "your-project-id",
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/compute.admin",
 *     members=["user:jane@example.com"],
 *     condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ),
 * )])
 * project = gcp.projects.IAMPolicy("project",
 *     project="your-project-id",
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/compute.admin",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *                 Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
 *                 {
 *                     Title = "expires_after_2019_12_31",
 *                     Description = "Expiring at midnight of 2019-12-31",
 *                     Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *                 },
 *             },
 *         },
 *     });
 *     var project = new Gcp.Projects.IAMPolicy("project", new()
 *     {
 *         Project = "your-project-id",
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/compute.admin",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 					Condition: {
 * 						Title:       "expires_after_2019_12_31",
 * 						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
 * 						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
 * 			Project:    pulumi.String("your-project-id"),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.projects.IAMPolicy;
 * import com.pulumi.gcp.projects.IAMPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/compute.admin")
 *                 .members("user:[email protected]")
 *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
 *                     .title("expires_after_2019_12_31")
 *                     .description("Expiring at midnight of 2019-12-31")
 *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                     .build())
 *                 .build())
 *             .build());
 *         var project = new IAMPolicy("project", IAMPolicyArgs.builder()
 *             .project("your-project-id")
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMPolicy
 *     properties:
 *       project: your-project-id
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/compute.admin
 *             members:
 *               - user:[email protected]
 *             condition:
 *               title: expires_after_2019_12_31
 *               description: Expiring at midnight of 2019-12-31
 *               expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMBinding
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMBinding("project", {
 *     project: "your-project-id",
 *     role: "roles/editor",
 *     members: ["user:jane@example.com"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMBinding("project",
 *     project="your-project-id",
 *     role="roles/editor",
 *     members=["user:jane@example.com"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMBinding("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/editor",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/editor"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMBinding;
 * import com.pulumi.gcp.projects.IAMBindingArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMBinding("project", IAMBindingArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/editor")
 *             .members("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMBinding
 *     properties:
 *       project: your-project-id
 *       role: roles/editor
 *       members:
 *         - user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMBinding("project", {
 *     project: "your-project-id",
 *     role: "roles/container.admin",
 *     members: ["user:jane@example.com"],
 *     condition: {
 *         title: "expires_after_2019_12_31",
 *         description: "Expiring at midnight of 2019-12-31",
 *         expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMBinding("project",
 *     project="your-project-id",
 *     role="roles/container.admin",
 *     members=["user:jane@example.com"],
 *     condition=gcp.projects.IAMBindingConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMBinding("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/container.admin",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *         Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs
 *         {
 *             Title = "expires_after_2019_12_31",
 *             Description = "Expiring at midnight of 2019-12-31",
 *             Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/container.admin"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 			Condition: &projects.IAMBindingConditionArgs{
 * 				Title:       pulumi.String("expires_after_2019_12_31"),
 * 				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
 * 				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMBinding;
 * import com.pulumi.gcp.projects.IAMBindingArgs;
 * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMBinding("project", IAMBindingArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/container.admin")
 *             .members("user:[email protected]")
 *             .condition(IAMBindingConditionArgs.builder()
 *                 .title("expires_after_2019_12_31")
 *                 .description("Expiring at midnight of 2019-12-31")
 *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMBinding
 *     properties:
 *       project: your-project-id
 *       role: roles/container.admin
 *       members:
 *         - user:[email protected]
 *       condition:
 *         title: expires_after_2019_12_31
 *         description: Expiring at midnight of 2019-12-31
 *         expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMMember
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMMember("project", {
 *     project: "your-project-id",
 *     role: "roles/editor",
 *     member: "user:[email protected]",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMMember("project",
 *     project="your-project-id",
 *     role="roles/editor",
 *     member="user:[email protected]")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMMember("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/editor",
 *         Member = "user:[email protected]",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/editor"),
 * 			Member:  pulumi.String("user:[email protected]"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMMember;
 * import com.pulumi.gcp.projects.IAMMemberArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMMember("project", IAMMemberArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/editor")
 *             .member("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMMember
 *     properties:
 *       project: your-project-id
 *       role: roles/editor
 *       member: user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMMember("project", {
 *     project: "your-project-id",
 *     role: "roles/firebase.admin",
 *     member: "user:[email protected]",
 *     condition: {
 *         title: "expires_after_2019_12_31",
 *         description: "Expiring at midnight of 2019-12-31",
 *         expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMMember("project",
 *     project="your-project-id",
 *     role="roles/firebase.admin",
 *     member="user:[email protected]",
 *     condition=gcp.projects.IAMMemberConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMMember("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/firebase.admin",
 *         Member = "user:[email protected]",
 *         Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs
 *         {
 *             Title = "expires_after_2019_12_31",
 *             Description = "Expiring at midnight of 2019-12-31",
 *             Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/firebase.admin"),
 * 			Member:  pulumi.String("user:[email protected]"),
 * 			Condition: &projects.IAMMemberConditionArgs{
 * 				Title:       pulumi.String("expires_after_2019_12_31"),
 * 				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
 * 				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMMember;
 * import com.pulumi.gcp.projects.IAMMemberArgs;
 * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMMember("project", IAMMemberArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/firebase.admin")
 *             .member("user:[email protected]")
 *             .condition(IAMMemberConditionArgs.builder()
 *                 .title("expires_after_2019_12_31")
 *                 .description("Expiring at midnight of 2019-12-31")
 *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMMember
 *     properties:
 *       project: your-project-id
 *       role: roles/firebase.admin
 *       member: user:[email protected]
 *       condition:
 *         title: expires_after_2019_12_31
 *         description: Expiring at midnight of 2019-12-31
 *         expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMAuditConfig
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMAuditConfig("project", {
 *     project: "your-project-id",
 *     service: "allServices",
 *     auditLogConfigs: [
 *         {
 *             logType: "ADMIN_READ",
 *         },
 *         {
 *             logType: "DATA_READ",
 *             exemptedMembers: ["user:joebloggs@example.com"],
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMAuditConfig("project",
 *     project="your-project-id",
 *     service="allServices",
 *     audit_log_configs=[
 *         gcp.projects.IAMAuditConfigAuditLogConfigArgs(
 *             log_type="ADMIN_READ",
 *         ),
 *         gcp.projects.IAMAuditConfigAuditLogConfigArgs(
 *             log_type="DATA_READ",
 *             exempted_members=["user:joebloggs@example.com"],
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMAuditConfig("project", new()
 *     {
 *         Project = "your-project-id",
 *         Service = "allServices",
 *         AuditLogConfigs = new[]
 *         {
 *             new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs
 *             {
 *                 LogType = "ADMIN_READ",
 *             },
 *             new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs
 *             {
 *                 LogType = "DATA_READ",
 *                 ExemptedMembers = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Service: pulumi.String("allServices"),
 * 			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
 * 				&projects.IAMAuditConfigAuditLogConfigArgs{
 * 					LogType: pulumi.String("ADMIN_READ"),
 * 				},
 * 				&projects.IAMAuditConfigAuditLogConfigArgs{
 * 					LogType: pulumi.String("DATA_READ"),
 * 					ExemptedMembers: pulumi.StringArray{
 * 						pulumi.String("user:[email protected]"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMAuditConfig;
 * import com.pulumi.gcp.projects.IAMAuditConfigArgs;
 * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder()
 *             .project("your-project-id")
 *             .service("allServices")
 *             .auditLogConfigs(
 *                 IAMAuditConfigAuditLogConfigArgs.builder()
 *                     .logType("ADMIN_READ")
 *                     .build(),
 *                 IAMAuditConfigAuditLogConfigArgs.builder()
 *                     .logType("DATA_READ")
 *                     .exemptedMembers("user:[email protected]")
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMAuditConfig
 *     properties:
 *       project: your-project-id
 *       service: allServices
 *       auditLogConfigs:
 *         - logType: ADMIN_READ
 *         - logType: DATA_READ
 *           exemptedMembers:
 *             - user:[email protected]
 * ```
 * 
 * ## gcp.projects.IAMPolicy
 * !> **Be careful!** You can accidentally lock yourself out of your project
 *    using this resource. Deleting a `gcp.projects.IAMPolicy` removes access
 *    from anyone without organization-level access to the project. Proceed with caution.
 *    It's not recommended to use `gcp.projects.IAMPolicy` with your provider project
 *    to avoid locking yourself out, and it should generally only be used with projects
 *    fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
 *    applying the change.
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/editor",
 *         members: ["user:jane@example.com"],
 *     }],
 * });
 * const project = new gcp.projects.IAMPolicy("project", {
 *     project: "your-project-id",
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/editor",
 *     members=["user:jane@example.com"],
 * )])
 * project = gcp.projects.IAMPolicy("project",
 *     project="your-project-id",
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/editor",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 *     var project = new Gcp.Projects.IAMPolicy("project", new()
 *     {
 *         Project = "your-project-id",
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/editor",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
 * 			Project:    pulumi.String("your-project-id"),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.projects.IAMPolicy;
 * import com.pulumi.gcp.projects.IAMPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/editor")
 *                 .members("user:[email protected]")
 *                 .build())
 *             .build());
 *         var project = new IAMPolicy("project", IAMPolicyArgs.builder()
 *             .project("your-project-id")
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMPolicy
 *     properties:
 *       project: your-project-id
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/editor
 *             members:
 *               - user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const admin = gcp.organizations.getIAMPolicy({
 *     bindings: [{
 *         role: "roles/compute.admin",
 *         members: ["user:jane@example.com"],
 *         condition: {
 *             title: "expires_after_2019_12_31",
 *             description: "Expiring at midnight of 2019-12-31",
 *             expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     }],
 * });
 * const project = new gcp.projects.IAMPolicy("project", {
 *     project: "your-project-id",
 *     policyData: admin.then(admin => admin.policyData),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
 *     role="roles/compute.admin",
 *     members=["user:jane@example.com"],
 *     condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ),
 * )])
 * project = gcp.projects.IAMPolicy("project",
 *     project="your-project-id",
 *     policy_data=admin.policy_data)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
 *     {
 *         Bindings = new[]
 *         {
 *             new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
 *             {
 *                 Role = "roles/compute.admin",
 *                 Members = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *                 Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
 *                 {
 *                     Title = "expires_after_2019_12_31",
 *                     Description = "Expiring at midnight of 2019-12-31",
 *                     Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *                 },
 *             },
 *         },
 *     });
 *     var project = new Gcp.Projects.IAMPolicy("project", new()
 *     {
 *         Project = "your-project-id",
 *         PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
 * 			Bindings: []organizations.GetIAMPolicyBinding{
 * 				{
 * 					Role: "roles/compute.admin",
 * 					Members: []string{
 * 						"user:[email protected]",
 * 					},
 * 					Condition: {
 * 						Title:       "expires_after_2019_12_31",
 * 						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
 * 						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
 * 			Project:    pulumi.String("your-project-id"),
 * 			PolicyData: pulumi.String(admin.PolicyData),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.organizations.OrganizationsFunctions;
 * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
 * import com.pulumi.gcp.projects.IAMPolicy;
 * import com.pulumi.gcp.projects.IAMPolicyArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
 *             .bindings(GetIAMPolicyBindingArgs.builder()
 *                 .role("roles/compute.admin")
 *                 .members("user:[email protected]")
 *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
 *                     .title("expires_after_2019_12_31")
 *                     .description("Expiring at midnight of 2019-12-31")
 *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                     .build())
 *                 .build())
 *             .build());
 *         var project = new IAMPolicy("project", IAMPolicyArgs.builder()
 *             .project("your-project-id")
 *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMPolicy
 *     properties:
 *       project: your-project-id
 *       policyData: ${admin.policyData}
 * variables:
 *   admin:
 *     fn::invoke:
 *       Function: gcp:organizations:getIAMPolicy
 *       Arguments:
 *         bindings:
 *           - role: roles/compute.admin
 *             members:
 *               - user:[email protected]
 *             condition:
 *               title: expires_after_2019_12_31
 *               description: Expiring at midnight of 2019-12-31
 *               expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMBinding
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMBinding("project", {
 *     project: "your-project-id",
 *     role: "roles/editor",
 *     members: ["user:jane@example.com"],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMBinding("project",
 *     project="your-project-id",
 *     role="roles/editor",
 *     members=["user:jane@example.com"])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMBinding("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/editor",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/editor"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMBinding;
 * import com.pulumi.gcp.projects.IAMBindingArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMBinding("project", IAMBindingArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/editor")
 *             .members("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMBinding
 *     properties:
 *       project: your-project-id
 *       role: roles/editor
 *       members:
 *         - user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMBinding("project", {
 *     project: "your-project-id",
 *     role: "roles/container.admin",
 *     members: ["user:jane@example.com"],
 *     condition: {
 *         title: "expires_after_2019_12_31",
 *         description: "Expiring at midnight of 2019-12-31",
 *         expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMBinding("project",
 *     project="your-project-id",
 *     role="roles/container.admin",
 *     members=["user:jane@example.com"],
 *     condition=gcp.projects.IAMBindingConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMBinding("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/container.admin",
 *         Members = new[]
 *         {
 *             "user:[email protected]",
 *         },
 *         Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs
 *         {
 *             Title = "expires_after_2019_12_31",
 *             Description = "Expiring at midnight of 2019-12-31",
 *             Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/container.admin"),
 * 			Members: pulumi.StringArray{
 * 				pulumi.String("user:[email protected]"),
 * 			},
 * 			Condition: &projects.IAMBindingConditionArgs{
 * 				Title:       pulumi.String("expires_after_2019_12_31"),
 * 				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
 * 				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMBinding;
 * import com.pulumi.gcp.projects.IAMBindingArgs;
 * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMBinding("project", IAMBindingArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/container.admin")
 *             .members("user:[email protected]")
 *             .condition(IAMBindingConditionArgs.builder()
 *                 .title("expires_after_2019_12_31")
 *                 .description("Expiring at midnight of 2019-12-31")
 *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMBinding
 *     properties:
 *       project: your-project-id
 *       role: roles/container.admin
 *       members:
 *         - user:[email protected]
 *       condition:
 *         title: expires_after_2019_12_31
 *         description: Expiring at midnight of 2019-12-31
 *         expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMMember
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMMember("project", {
 *     project: "your-project-id",
 *     role: "roles/editor",
 *     member: "user:[email protected]",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMMember("project",
 *     project="your-project-id",
 *     role="roles/editor",
 *     member="user:[email protected]")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMMember("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/editor",
 *         Member = "user:[email protected]",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/editor"),
 * 			Member:  pulumi.String("user:[email protected]"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMMember;
 * import com.pulumi.gcp.projects.IAMMemberArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMMember("project", IAMMemberArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/editor")
 *             .member("user:[email protected]")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMMember
 *     properties:
 *       project: your-project-id
 *       role: roles/editor
 *       member: user:[email protected]
 * ```
 * 
 * With IAM Conditions:
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMMember("project", {
 *     project: "your-project-id",
 *     role: "roles/firebase.admin",
 *     member: "user:[email protected]",
 *     condition: {
 *         title: "expires_after_2019_12_31",
 *         description: "Expiring at midnight of 2019-12-31",
 *         expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMMember("project",
 *     project="your-project-id",
 *     role="roles/firebase.admin",
 *     member="user:[email protected]",
 *     condition=gcp.projects.IAMMemberConditionArgs(
 *         title="expires_after_2019_12_31",
 *         description="Expiring at midnight of 2019-12-31",
 *         expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMMember("project", new()
 *     {
 *         Project = "your-project-id",
 *         Role = "roles/firebase.admin",
 *         Member = "user:[email protected]",
 *         Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs
 *         {
 *             Title = "expires_after_2019_12_31",
 *             Description = "Expiring at midnight of 2019-12-31",
 *             Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Role:    pulumi.String("roles/firebase.admin"),
 * 			Member:  pulumi.String("user:[email protected]"),
 * 			Condition: &projects.IAMMemberConditionArgs{
 * 				Title:       pulumi.String("expires_after_2019_12_31"),
 * 				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
 * 				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMMember;
 * import com.pulumi.gcp.projects.IAMMemberArgs;
 * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMMember("project", IAMMemberArgs.builder()
 *             .project("your-project-id")
 *             .role("roles/firebase.admin")
 *             .member("user:[email protected]")
 *             .condition(IAMMemberConditionArgs.builder()
 *                 .title("expires_after_2019_12_31")
 *                 .description("Expiring at midnight of 2019-12-31")
 *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMMember
 *     properties:
 *       project: your-project-id
 *       role: roles/firebase.admin
 *       member: user:[email protected]
 *       condition:
 *         title: expires_after_2019_12_31
 *         description: Expiring at midnight of 2019-12-31
 *         expression: request.time < timestamp("2020-01-01T00:00:00Z")
 * ```
 * 
 * ## gcp.projects.IAMAuditConfig
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const project = new gcp.projects.IAMAuditConfig("project", {
 *     project: "your-project-id",
 *     service: "allServices",
 *     auditLogConfigs: [
 *         {
 *             logType: "ADMIN_READ",
 *         },
 *         {
 *             logType: "DATA_READ",
 *             exemptedMembers: ["user:joebloggs@example.com"],
 *         },
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * project = gcp.projects.IAMAuditConfig("project",
 *     project="your-project-id",
 *     service="allServices",
 *     audit_log_configs=[
 *         gcp.projects.IAMAuditConfigAuditLogConfigArgs(
 *             log_type="ADMIN_READ",
 *         ),
 *         gcp.projects.IAMAuditConfigAuditLogConfigArgs(
 *             log_type="DATA_READ",
 *             exempted_members=["user:joebloggs@example.com"],
 *         ),
 *     ])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var project = new Gcp.Projects.IAMAuditConfig("project", new()
 *     {
 *         Project = "your-project-id",
 *         Service = "allServices",
 *         AuditLogConfigs = new[]
 *         {
 *             new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs
 *             {
 *                 LogType = "ADMIN_READ",
 *             },
 *             new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs
 *             {
 *                 LogType = "DATA_READ",
 *                 ExemptedMembers = new[]
 *                 {
 *                     "user:[email protected]",
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
 * 			Project: pulumi.String("your-project-id"),
 * 			Service: pulumi.String("allServices"),
 * 			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
 * 				&projects.IAMAuditConfigAuditLogConfigArgs{
 * 					LogType: pulumi.String("ADMIN_READ"),
 * 				},
 * 				&projects.IAMAuditConfigAuditLogConfigArgs{
 * 					LogType: pulumi.String("DATA_READ"),
 * 					ExemptedMembers: pulumi.StringArray{
 * 						pulumi.String("user:[email protected]"),
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.IAMAuditConfig;
 * import com.pulumi.gcp.projects.IAMAuditConfigArgs;
 * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder()
 *             .project("your-project-id")
 *             .service("allServices")
 *             .auditLogConfigs(
 *                 IAMAuditConfigAuditLogConfigArgs.builder()
 *                     .logType("ADMIN_READ")
 *                     .build(),
 *                 IAMAuditConfigAuditLogConfigArgs.builder()
 *                     .logType("DATA_READ")
 *                     .exemptedMembers("user:[email protected]")
 *                     .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   project:
 *     type: gcp:projects:IAMAuditConfig
 *     properties:
 *       project: your-project-id
 *       service: allServices
 *       auditLogConfigs:
 *         - logType: ADMIN_READ
 *         - logType: DATA_READ
 *           exemptedMembers:
 *             - user:[email protected]
 * ```
 * 
 * ## Import
 * ### Importing Audit Configs
 * An audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:
 * * `"{{project_id}} foo.googleapis.com"`
 * An `import` block (Terraform v1.5.0 and later) can be used to import audit configs:
 * tf
 * import {
 *   id = "{{project_id}} foo.googleapis.com"
 *   to = google_project_iam_audit_config.default
 * }
 * The `pulumi import` command can also be used:
 * ```sh
 * $ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig default "{{project_id}} foo.googleapis.com"
 * ```
 * @property auditLogConfigs The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
 * @property project The project id of the target project. This is not
 * inferred from the provider.
 * @property service Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are gcp.projects.IAMAuditConfig resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `log_types` specified in each `audit_log_config` are enabled, and the `exempted_members` in each `audit_log_config` are exempted.
 */
public data class IAMAuditConfigArgs(
    public val auditLogConfigs: Output>? = null,
    public val project: Output? = null,
    public val service: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.projects.IAMAuditConfigArgs =
        com.pulumi.gcp.projects.IAMAuditConfigArgs.builder()
            .auditLogConfigs(
                auditLogConfigs?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            )
            .project(project?.applyValue({ args0 -> args0 }))
            .service(service?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [IAMAuditConfigArgs].
 */
@PulumiTagMarker
public class IAMAuditConfigArgsBuilder internal constructor() {
    private var auditLogConfigs: Output>? = null

    private var project: Output? = null

    private var service: Output? = null

    /**
     * @param value The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("pcjsygpcwsbgwmvm")
    public suspend fun auditLogConfigs(`value`: Output>) {
        this.auditLogConfigs = value
    }

    @JvmName("pvoxrkayoxwlhbxo")
    public suspend fun auditLogConfigs(vararg values: Output) {
        this.auditLogConfigs = Output.all(values.asList())
    }

    /**
     * @param values The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("vcwdsrxecuyfwius")
    public suspend fun auditLogConfigs(values: List>) {
        this.auditLogConfigs = Output.all(values)
    }

    /**
     * @param value The project id of the target project. This is not
     * inferred from the provider.
     */
    @JvmName("mrlogfvxcgnuxwjj")
    public suspend fun project(`value`: Output) {
        this.project = value
    }

    /**
     * @param value Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are gcp.projects.IAMAuditConfig resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `log_types` specified in each `audit_log_config` are enabled, and the `exempted_members` in each `audit_log_config` are exempted.
     */
    @JvmName("vrwvdxgrybyqowhf")
    public suspend fun service(`value`: Output) {
        this.service = value
    }

    /**
     * @param value The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("ypdjbpyxifhpiyti")
    public suspend fun auditLogConfigs(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.auditLogConfigs = mapped
    }

    /**
     * @param argument The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("ncrocwqamyjeluje")
    public suspend fun auditLogConfigs(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            IAMAuditConfigAuditLogConfigArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.auditLogConfigs = mapped
    }

    /**
     * @param argument The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("ihlecbyqmkbqgmgc")
    public suspend fun auditLogConfigs(vararg argument: suspend IAMAuditConfigAuditLogConfigArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            IAMAuditConfigAuditLogConfigArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.auditLogConfigs = mapped
    }

    /**
     * @param argument The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("teiitipcowkhlppg")
    public suspend fun auditLogConfigs(argument: suspend IAMAuditConfigAuditLogConfigArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(
            IAMAuditConfigAuditLogConfigArgsBuilder().applySuspend {
                argument()
            }.build(),
        )
        val mapped = of(toBeMapped)
        this.auditLogConfigs = mapped
    }

    /**
     * @param values The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
     */
    @JvmName("xxnpvfrbdcvkeeja")
    public suspend fun auditLogConfigs(vararg values: IAMAuditConfigAuditLogConfigArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.auditLogConfigs = mapped
    }

    /**
     * @param value The project id of the target project. This is not
     * inferred from the provider.
     */
    @JvmName("qlnhgfmrrorskdho")
    public suspend fun project(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.project = mapped
    }

    /**
     * @param value Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are gcp.projects.IAMAuditConfig resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `log_types` specified in each `audit_log_config` are enabled, and the `exempted_members` in each `audit_log_config` are exempted.
     */
    @JvmName("jsiuvtjasslmthyl")
    public suspend fun service(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.service = mapped
    }

    internal fun build(): IAMAuditConfigArgs = IAMAuditConfigArgs(
        auditLogConfigs = auditLogConfigs,
        project = project,
        service = service,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy