com.pulumi.gcp.networksecurity.kotlin.AddressGroupIamBindingArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.networksecurity.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.networksecurity.AddressGroupIamBindingArgs.builder
import com.pulumi.gcp.networksecurity.kotlin.inputs.AddressGroupIamBindingConditionArgs
import com.pulumi.gcp.networksecurity.kotlin.inputs.AddressGroupIamBindingConditionArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Three different resources help you manage your IAM policy for Network security ProjectAddressGroup. Each of these resources serves a different use case:
* * `gcp.networksecurity.AddressGroupIamPolicy`: Authoritative. Sets the IAM policy for the projectaddressgroup and replaces any existing policy already attached.
* * `gcp.networksecurity.AddressGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the projectaddressgroup are preserved.
* * `gcp.networksecurity.AddressGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the projectaddressgroup are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.networksecurity.AddressGroupIamPolicy`: Retrieves the IAM policy for the projectaddressgroup
* > **Note:** `gcp.networksecurity.AddressGroupIamPolicy` **cannot** be used in conjunction with `gcp.networksecurity.AddressGroupIamBinding` and `gcp.networksecurity.AddressGroupIamMember` or they will fight over what your policy should be.
* > **Note:** `gcp.networksecurity.AddressGroupIamBinding` resources **can be** used in conjunction with `gcp.networksecurity.AddressGroupIamMember` resources **only if** they do not grant privilege to the same role.
* ## Import
* For all import syntaxes, the "resource in question" can take any of the following forms:
* * projects/{{project}}/locations/{{location}}/addressGroups/{{name}}
* * {{project}}/{{location}}/{{name}}
* * {{location}}/{{name}}
* * {{name}}
* Any variables not passed in the import command will be taken from the provider configuration.
* Network security projectaddressgroup IAM resources can be imported using the resource identifiers, role, and member.
* IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
* ```sh
* $ pulumi import gcp:networksecurity/addressGroupIamBinding:AddressGroupIamBinding editor "projects/{{project}}/locations/{{location}}/addressGroups/{{project_address_group}} roles/compute.networkAdmin user:[email protected]"
* ```
* IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
* ```sh
* $ pulumi import gcp:networksecurity/addressGroupIamBinding:AddressGroupIamBinding editor "projects/{{project}}/locations/{{location}}/addressGroups/{{project_address_group}} roles/compute.networkAdmin"
* ```
* IAM policy imports use the identifier of the resource in question, e.g.
* ```sh
* $ pulumi import gcp:networksecurity/addressGroupIamBinding:AddressGroupIamBinding editor projects/{{project}}/locations/{{location}}/addressGroups/{{project_address_group}}
* ```
* -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
* full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
* @property condition
* @property location The location of the gateway security policy.
* Used to find the parent resource to bind the IAM policy to. If not specified,
* the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
* location is specified, it is taken from the provider configuration.
* @property members Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
* @property name Used to find the parent resource to bind the IAM policy to
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
* @property role The role that should be applied. Only one
* `gcp.networksecurity.AddressGroupIamBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
public data class AddressGroupIamBindingArgs(
public val condition: Output? = null,
public val location: Output? = null,
public val members: Output>? = null,
public val name: Output? = null,
public val project: Output? = null,
public val role: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.networksecurity.AddressGroupIamBindingArgs =
com.pulumi.gcp.networksecurity.AddressGroupIamBindingArgs.builder()
.condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.location(location?.applyValue({ args0 -> args0 }))
.members(members?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.name(name?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.role(role?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AddressGroupIamBindingArgs].
*/
@PulumiTagMarker
public class AddressGroupIamBindingArgsBuilder internal constructor() {
private var condition: Output? = null
private var location: Output? = null
private var members: Output>? = null
private var name: Output? = null
private var project: Output? = null
private var role: Output? = null
/**
* @param value
*/
@JvmName("rfwjrujvqumxooif")
public suspend fun condition(`value`: Output) {
this.condition = value
}
/**
* @param value The location of the gateway security policy.
* Used to find the parent resource to bind the IAM policy to. If not specified,
* the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
* location is specified, it is taken from the provider configuration.
*/
@JvmName("jiypxbnoqrfruhvb")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("tmvjcgnyrlsblwsf")
public suspend fun members(`value`: Output>) {
this.members = value
}
@JvmName("iefxivxbnlumoupw")
public suspend fun members(vararg values: Output) {
this.members = Output.all(values.asList())
}
/**
* @param values Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("phjqwqaoqxsakwln")
public suspend fun members(values: List>) {
this.members = Output.all(values)
}
/**
* @param value Used to find the parent resource to bind the IAM policy to
*/
@JvmName("fdvupssjknnnwchg")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
*/
@JvmName("fqneitcnhxkmrteu")
public suspend fun project(`value`: Output) {
this.project = value
}
/**
* @param value The role that should be applied. Only one
* `gcp.networksecurity.AddressGroupIamBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
@JvmName("jjwsjucrojusbfre")
public suspend fun role(`value`: Output) {
this.role = value
}
/**
* @param value
*/
@JvmName("efvcthvbigehhejy")
public suspend fun condition(`value`: AddressGroupIamBindingConditionArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.condition = mapped
}
/**
* @param argument
*/
@JvmName("cjfkuuhyvgbdughh")
public suspend fun condition(argument: suspend AddressGroupIamBindingConditionArgsBuilder.() -> Unit) {
val toBeMapped = AddressGroupIamBindingConditionArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.condition = mapped
}
/**
* @param value The location of the gateway security policy.
* Used to find the parent resource to bind the IAM policy to. If not specified,
* the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
* location is specified, it is taken from the provider configuration.
*/
@JvmName("bhoqjnultxgyslio")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("ahikvycmdsbsopsw")
public suspend fun members(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.members = mapped
}
/**
* @param values Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("opdxwmbracpnbvxc")
public suspend fun members(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.members = mapped
}
/**
* @param value Used to find the parent resource to bind the IAM policy to
*/
@JvmName("anoyqeyviycdevqo")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The ID of the project in which the resource belongs.
* If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
*/
@JvmName("fsigjmxxjobfxvwk")
public suspend fun project(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.project = mapped
}
/**
* @param value The role that should be applied. Only one
* `gcp.networksecurity.AddressGroupIamBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
@JvmName("limxcbnbvksutwjt")
public suspend fun role(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.role = mapped
}
internal fun build(): AddressGroupIamBindingArgs = AddressGroupIamBindingArgs(
condition = condition,
location = location,
members = members,
name = name,
project = project,
role = role,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy