Please wait. This can take some minutes ...
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.gcp.iap.kotlin.WebIamMember.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.iap.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.iap.kotlin.outputs.WebIamMemberCondition
import com.pulumi.gcp.iap.kotlin.outputs.WebIamMemberCondition.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [WebIamMember].
*/
@PulumiTagMarker
public class WebIamMemberResourceBuilder internal constructor() {
public var name: String? = null
public var args: WebIamMemberArgs = WebIamMemberArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend WebIamMemberArgsBuilder.() -> Unit) {
val builder = WebIamMemberArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): WebIamMember {
val builtJavaResource = com.pulumi.gcp.iap.WebIamMember(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return WebIamMember(builtJavaResource)
}
}
/**
* Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* * `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.
* * `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.
* * `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web
* > **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.
* > **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
* > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
* ## gcp.iap.WebIamPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.iap.WebIamPolicy("policy", {
* project: projectService.project,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/iap.httpsResourceAccessor",
* "members": ["user:jane@example.com"],
* }])
* policy = gcp.iap.WebIamPolicy("policy",
* project=project_service["project"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* },
* },
* });
* var policy = new Gcp.Iap.WebIamPolicy("policy", new()
* {
* Project = projectService.Project,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/iap.httpsResourceAccessor",
* Members: []string{
* "user:[email protected] ",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
* Project: pulumi.Any(projectService.Project),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.iap.WebIamPolicy;
* import com.pulumi.gcp.iap.WebIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .build())
* .build());
* var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder()
* .project(projectService.project())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:iap:WebIamPolicy
* properties:
* project: ${projectService.project}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }],
* });
* const policy = new gcp.iap.WebIamPolicy("policy", {
* project: projectService.project,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/iap.httpsResourceAccessor",
* "members": ["user:jane@example.com"],
* "condition": {
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }])
* policy = gcp.iap.WebIamPolicy("policy",
* project=project_service["project"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* });
* var policy = new Gcp.Iap.WebIamPolicy("policy", new()
* {
* Project = projectService.Project,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/iap.httpsResourceAccessor",
* Members: []string{
* "user:[email protected] ",
* },
* Condition: {
* Title: "expires_after_2019_12_31",
* Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
* Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
* Project: pulumi.Any(projectService.Project),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.iap.WebIamPolicy;
* import com.pulumi.gcp.iap.WebIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .condition(GetIAMPolicyBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build())
* .build());
* var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder()
* .project(projectService.project())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:iap:WebIamPolicy
* properties:
* project: ${projectService.project}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.iap.WebIamBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.iap.WebIamBinding("binding", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.iap.WebIamBinding("binding",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Iap.WebIamBinding("binding", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamBinding;
* import com.pulumi.gcp.iap.WebIamBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new WebIamBinding("binding", WebIamBindingArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:iap:WebIamBinding
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.iap.WebIamBinding("binding", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.iap.WebIamBinding("binding",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* members=["user:jane@example.com"],
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Iap.WebIamBinding("binding", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* Condition: &iap.WebIamBindingConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamBinding;
* import com.pulumi.gcp.iap.WebIamBindingArgs;
* import com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new WebIamBinding("binding", WebIamBindingArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .condition(WebIamBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:iap:WebIamBinding
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.iap.WebIamMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.iap.WebIamMember("member", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* member: "user:[email protected] ",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.iap.WebIamMember("member",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* member="user:[email protected] ")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Iap.WebIamMember("member", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Member = "user:[email protected] ",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Member: pulumi.String("user:[email protected] "),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamMember;
* import com.pulumi.gcp.iap.WebIamMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new WebIamMember("member", WebIamMemberArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .member("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:iap:WebIamMember
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* member: user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.iap.WebIamMember("member", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* member: "user:[email protected] ",
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.iap.WebIamMember("member",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* member="user:[email protected] ",
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Iap.WebIamMember("member", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Member = "user:[email protected] ",
* Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Member: pulumi.String("user:[email protected] "),
* Condition: &iap.WebIamMemberConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamMember;
* import com.pulumi.gcp.iap.WebIamMemberArgs;
* import com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new WebIamMember("member", WebIamMemberArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .member("user:[email protected] ")
* .condition(WebIamMemberConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:iap:WebIamMember
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* member: user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## This resource supports User Project Overrides.
* -
* # IAM policy for Identity-Aware Proxy Web
* Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* * `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.
* * `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.
* * `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web
* > **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.
* > **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
* > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
* ## gcp.iap.WebIamPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.iap.WebIamPolicy("policy", {
* project: projectService.project,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/iap.httpsResourceAccessor",
* "members": ["user:jane@example.com"],
* }])
* policy = gcp.iap.WebIamPolicy("policy",
* project=project_service["project"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* },
* },
* });
* var policy = new Gcp.Iap.WebIamPolicy("policy", new()
* {
* Project = projectService.Project,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/iap.httpsResourceAccessor",
* Members: []string{
* "user:[email protected] ",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
* Project: pulumi.Any(projectService.Project),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.iap.WebIamPolicy;
* import com.pulumi.gcp.iap.WebIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .build())
* .build());
* var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder()
* .project(projectService.project())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:iap:WebIamPolicy
* properties:
* project: ${projectService.project}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }],
* });
* const policy = new gcp.iap.WebIamPolicy("policy", {
* project: projectService.project,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/iap.httpsResourceAccessor",
* "members": ["user:jane@example.com"],
* "condition": {
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }])
* policy = gcp.iap.WebIamPolicy("policy",
* project=project_service["project"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* });
* var policy = new Gcp.Iap.WebIamPolicy("policy", new()
* {
* Project = projectService.Project,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/iap.httpsResourceAccessor",
* Members: []string{
* "user:[email protected] ",
* },
* Condition: {
* Title: "expires_after_2019_12_31",
* Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
* Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
* Project: pulumi.Any(projectService.Project),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.iap.WebIamPolicy;
* import com.pulumi.gcp.iap.WebIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .condition(GetIAMPolicyBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build())
* .build());
* var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder()
* .project(projectService.project())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:iap:WebIamPolicy
* properties:
* project: ${projectService.project}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.iap.WebIamBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.iap.WebIamBinding("binding", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.iap.WebIamBinding("binding",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Iap.WebIamBinding("binding", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamBinding;
* import com.pulumi.gcp.iap.WebIamBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new WebIamBinding("binding", WebIamBindingArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:iap:WebIamBinding
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.iap.WebIamBinding("binding", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.iap.WebIamBinding("binding",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* members=["user:jane@example.com"],
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Iap.WebIamBinding("binding", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* Condition: &iap.WebIamBindingConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamBinding;
* import com.pulumi.gcp.iap.WebIamBindingArgs;
* import com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new WebIamBinding("binding", WebIamBindingArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .members("user:[email protected] ")
* .condition(WebIamBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:iap:WebIamBinding
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.iap.WebIamMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.iap.WebIamMember("member", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* member: "user:[email protected] ",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.iap.WebIamMember("member",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* member="user:[email protected] ")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Iap.WebIamMember("member", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Member = "user:[email protected] ",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Member: pulumi.String("user:[email protected] "),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamMember;
* import com.pulumi.gcp.iap.WebIamMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new WebIamMember("member", WebIamMemberArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .member("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:iap:WebIamMember
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* member: user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.iap.WebIamMember("member", {
* project: projectService.project,
* role: "roles/iap.httpsResourceAccessor",
* member: "user:[email protected] ",
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.iap.WebIamMember("member",
* project=project_service["project"],
* role="roles/iap.httpsResourceAccessor",
* member="user:[email protected] ",
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Iap.WebIamMember("member", new()
* {
* Project = projectService.Project,
* Role = "roles/iap.httpsResourceAccessor",
* Member = "user:[email protected] ",
* Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
* Project: pulumi.Any(projectService.Project),
* Role: pulumi.String("roles/iap.httpsResourceAccessor"),
* Member: pulumi.String("user:[email protected] "),
* Condition: &iap.WebIamMemberConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iap.WebIamMember;
* import com.pulumi.gcp.iap.WebIamMemberArgs;
* import com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new WebIamMember("member", WebIamMemberArgs.builder()
* .project(projectService.project())
* .role("roles/iap.httpsResourceAccessor")
* .member("user:[email protected] ")
* .condition(WebIamMemberConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:iap:WebIamMember
* properties:
* project: ${projectService.project}
* role: roles/iap.httpsResourceAccessor
* member: user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## Import
* For all import syntaxes, the "resource in question" can take any of the following forms:
* * projects/{{project}}/iap_web
* * {{project}}
* Any variables not passed in the import command will be taken from the provider configuration.
* Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.
* IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
* ```sh
* $ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:[email protected] "
* ```
* IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
* ```sh
* $ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
* ```
* IAM policy imports use the identifier of the resource in question, e.g.
* ```sh
* $ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web
* ```
* -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
* full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
*/
public class WebIamMember internal constructor(
override val javaResource: com.pulumi.gcp.iap.WebIamMember,
) : KotlinCustomResource(javaResource, WebIamMemberMapper) {
/**
* An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
*/
public val condition: Output?
get() = javaResource.condition().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
toKotlin(args0)
})
}).orElse(null)
})
/**
* (Computed) The etag of the IAM policy.
*/
public val etag: Output
get() = javaResource.etag().applyValue({ args0 -> args0 })
/**
* Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
public val member: Output
get() = javaResource.member().applyValue({ args0 -> args0 })
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
*/
public val project: Output
get() = javaResource.project().applyValue({ args0 -> args0 })
/**
* The role that should be applied. Only one
* `gcp.iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
public val role: Output
get() = javaResource.role().applyValue({ args0 -> args0 })
}
public object WebIamMemberMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.iap.WebIamMember::class == javaResource::class
override fun map(javaResource: Resource): WebIamMember = WebIamMember(
javaResource as
com.pulumi.gcp.iap.WebIamMember,
)
}
/**
* @see [WebIamMember].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [WebIamMember].
*/
public suspend fun webIamMember(
name: String,
block: suspend WebIamMemberResourceBuilder.() -> Unit,
): WebIamMember {
val builder = WebIamMemberResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [WebIamMember].
* @param name The _unique_ name of the resulting resource.
*/
public fun webIamMember(name: String): WebIamMember {
val builder = WebIamMemberResourceBuilder()
builder.name(name)
return builder.build()
}