com.pulumi.gcp.secretmanager.kotlin.SecretIamBindingArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.secretmanager.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.secretmanager.SecretIamBindingArgs.builder
import com.pulumi.gcp.secretmanager.kotlin.inputs.SecretIamBindingConditionArgs
import com.pulumi.gcp.secretmanager.kotlin.inputs.SecretIamBindingConditionArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
* * `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
* * `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
* * `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
* > **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.
* > **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
* ## gcp.secretmanager.SecretIamPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/secretmanager.secretAccessor",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.secretmanager.SecretIamPolicy("policy", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
* role="roles/secretmanager.secretAccessor",
* members=["user:jane@example.com"],
* )])
* policy = gcp.secretmanager.SecretIamPolicy("policy",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/secretmanager.secretAccessor",
* Members = new[]
* {
* "user:[email protected]",
* },
* },
* },
* });
* var policy = new Gcp.SecretManager.SecretIamPolicy("policy", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/secretmanager.secretAccessor",
* Members: []string{
* "user:[email protected]",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = secretmanager.NewSecretIamPolicy(ctx, "policy", &secretmanager.SecretIamPolicyArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.secretmanager.SecretIamPolicy;
* import com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/secretmanager.secretAccessor")
* .members("user:[email protected]")
* .build())
* .build());
* var policy = new SecretIamPolicy("policy", SecretIamPolicyArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:secretmanager:SecretIamPolicy
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/secretmanager.secretAccessor
* members:
* - user:[email protected]
* ```
*
* ## gcp.secretmanager.SecretIamBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.secretmanager.SecretIamBinding("binding", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* role: "roles/secretmanager.secretAccessor",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.secretmanager.SecretIamBinding("binding",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* role="roles/secretmanager.secretAccessor",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.SecretManager.SecretIamBinding("binding", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* Role = "roles/secretmanager.secretAccessor",
* Members = new[]
* {
* "user:[email protected]",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := secretmanager.NewSecretIamBinding(ctx, "binding", &secretmanager.SecretIamBindingArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* Role: pulumi.String("roles/secretmanager.secretAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected]"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.secretmanager.SecretIamBinding;
* import com.pulumi.gcp.secretmanager.SecretIamBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new SecretIamBinding("binding", SecretIamBindingArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .role("roles/secretmanager.secretAccessor")
* .members("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:secretmanager:SecretIamBinding
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* role: roles/secretmanager.secretAccessor
* members:
* - user:[email protected]
* ```
*
* ## gcp.secretmanager.SecretIamMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.secretmanager.SecretIamMember("member", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* role: "roles/secretmanager.secretAccessor",
* member: "user:[email protected]",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.secretmanager.SecretIamMember("member",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* role="roles/secretmanager.secretAccessor",
* member="user:[email protected]")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.SecretManager.SecretIamMember("member", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* Role = "roles/secretmanager.secretAccessor",
* Member = "user:[email protected]",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := secretmanager.NewSecretIamMember(ctx, "member", &secretmanager.SecretIamMemberArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* Role: pulumi.String("roles/secretmanager.secretAccessor"),
* Member: pulumi.String("user:[email protected]"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.secretmanager.SecretIamMember;
* import com.pulumi.gcp.secretmanager.SecretIamMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new SecretIamMember("member", SecretIamMemberArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .role("roles/secretmanager.secretAccessor")
* .member("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:secretmanager:SecretIamMember
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* role: roles/secretmanager.secretAccessor
* member: user:[email protected]
* ```
*
* ## gcp.secretmanager.SecretIamPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/secretmanager.secretAccessor",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.secretmanager.SecretIamPolicy("policy", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
* role="roles/secretmanager.secretAccessor",
* members=["user:jane@example.com"],
* )])
* policy = gcp.secretmanager.SecretIamPolicy("policy",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/secretmanager.secretAccessor",
* Members = new[]
* {
* "user:[email protected]",
* },
* },
* },
* });
* var policy = new Gcp.SecretManager.SecretIamPolicy("policy", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/secretmanager.secretAccessor",
* Members: []string{
* "user:[email protected]",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = secretmanager.NewSecretIamPolicy(ctx, "policy", &secretmanager.SecretIamPolicyArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.secretmanager.SecretIamPolicy;
* import com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/secretmanager.secretAccessor")
* .members("user:[email protected]")
* .build())
* .build());
* var policy = new SecretIamPolicy("policy", SecretIamPolicyArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:secretmanager:SecretIamPolicy
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/secretmanager.secretAccessor
* members:
* - user:[email protected]
* ```
*
* ## gcp.secretmanager.SecretIamBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.secretmanager.SecretIamBinding("binding", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* role: "roles/secretmanager.secretAccessor",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.secretmanager.SecretIamBinding("binding",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* role="roles/secretmanager.secretAccessor",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.SecretManager.SecretIamBinding("binding", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* Role = "roles/secretmanager.secretAccessor",
* Members = new[]
* {
* "user:[email protected]",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := secretmanager.NewSecretIamBinding(ctx, "binding", &secretmanager.SecretIamBindingArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* Role: pulumi.String("roles/secretmanager.secretAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected]"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.secretmanager.SecretIamBinding;
* import com.pulumi.gcp.secretmanager.SecretIamBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new SecretIamBinding("binding", SecretIamBindingArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .role("roles/secretmanager.secretAccessor")
* .members("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:secretmanager:SecretIamBinding
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* role: roles/secretmanager.secretAccessor
* members:
* - user:[email protected]
* ```
*
* ## gcp.secretmanager.SecretIamMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.secretmanager.SecretIamMember("member", {
* project: secret_basic.project,
* secretId: secret_basic.secretId,
* role: "roles/secretmanager.secretAccessor",
* member: "user:[email protected]",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.secretmanager.SecretIamMember("member",
* project=secret_basic["project"],
* secret_id=secret_basic["secretId"],
* role="roles/secretmanager.secretAccessor",
* member="user:[email protected]")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.SecretManager.SecretIamMember("member", new()
* {
* Project = secret_basic.Project,
* SecretId = secret_basic.SecretId,
* Role = "roles/secretmanager.secretAccessor",
* Member = "user:[email protected]",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := secretmanager.NewSecretIamMember(ctx, "member", &secretmanager.SecretIamMemberArgs{
* Project: pulumi.Any(secret_basic.Project),
* SecretId: pulumi.Any(secret_basic.SecretId),
* Role: pulumi.String("roles/secretmanager.secretAccessor"),
* Member: pulumi.String("user:[email protected]"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.secretmanager.SecretIamMember;
* import com.pulumi.gcp.secretmanager.SecretIamMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new SecretIamMember("member", SecretIamMemberArgs.builder()
* .project(secret_basic.project())
* .secretId(secret_basic.secretId())
* .role("roles/secretmanager.secretAccessor")
* .member("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:secretmanager:SecretIamMember
* properties:
* project: ${["secret-basic"].project}
* secretId: ${["secret-basic"].secretId}
* role: roles/secretmanager.secretAccessor
* member: user:[email protected]
* ```
*
* ## Import
* For all import syntaxes, the "resource in question" can take any of the following forms:
* * projects/{{project}}/secrets/{{secret_id}}
* * {{project}}/{{secret_id}}
* * {{secret_id}}
* Any variables not passed in the import command will be taken from the provider configuration.
* Secret Manager secret IAM resources can be imported using the resource identifiers, role, and member.
* IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
* ```sh
* $ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:[email protected]"
* ```
* IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
* ```sh
* $ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor"
* ```
* IAM policy imports use the identifier of the resource in question, e.g.
* ```sh
* $ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor projects/{{project}}/secrets/{{secret_id}}
* ```
* -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
* full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
* @property condition
* @property members Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
* @property role The role that should be applied. Only one
* `gcp.secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
* @property secretId
*/
public data class SecretIamBindingArgs(
public val condition: Output? = null,
public val members: Output>? = null,
public val project: Output? = null,
public val role: Output? = null,
public val secretId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.secretmanager.SecretIamBindingArgs =
com.pulumi.gcp.secretmanager.SecretIamBindingArgs.builder()
.condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.members(members?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.project(project?.applyValue({ args0 -> args0 }))
.role(role?.applyValue({ args0 -> args0 }))
.secretId(secretId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecretIamBindingArgs].
*/
@PulumiTagMarker
public class SecretIamBindingArgsBuilder internal constructor() {
private var condition: Output? = null
private var members: Output>? = null
private var project: Output? = null
private var role: Output? = null
private var secretId: Output? = null
/**
* @param value
*/
@JvmName("sjgotvwcydrqanqg")
public suspend fun condition(`value`: Output) {
this.condition = value
}
/**
* @param value Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("hgakcwrlnitlxeqr")
public suspend fun members(`value`: Output>) {
this.members = value
}
@JvmName("hdbauepuhohfbqce")
public suspend fun members(vararg values: Output) {
this.members = Output.all(values.asList())
}
/**
* @param values Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("iyjhjiwayxwekbsw")
public suspend fun members(values: List
© 2015 - 2024 Weber Informatics LLC | Privacy Policy