Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.gcp.storage.kotlin.BucketIAMBindingArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.storage.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.storage.BucketIAMBindingArgs.builder
import com.pulumi.gcp.storage.kotlin.inputs.BucketIAMBindingConditionArgs
import com.pulumi.gcp.storage.kotlin.inputs.BucketIAMBindingConditionArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:
* * `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.
* * `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.
* * `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket
* > **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.
* > **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.
* > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
* ## gcp.storage.BucketIAMPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.storage.BucketIAMPolicy("policy", {
* bucket: _default.name,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/storage.admin",
* "members": ["user:jane@example.com"],
* }])
* policy = gcp.storage.BucketIAMPolicy("policy",
* bucket=default["name"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* },
* },
* });
* var policy = new Gcp.Storage.BucketIAMPolicy("policy", new()
* {
* Bucket = @default.Name,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/storage.admin",
* Members: []string{
* "user:[email protected] ",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{
* Bucket: pulumi.Any(_default.Name),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.storage.BucketIAMPolicy;
* import com.pulumi.gcp.storage.BucketIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .build())
* .build());
* var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder()
* .bucket(default_.name())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:storage:BucketIAMPolicy
* properties:
* bucket: ${default.name}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/storage.admin
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }],
* });
* const policy = new gcp.storage.BucketIAMPolicy("policy", {
* bucket: _default.name,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/storage.admin",
* "members": ["user:jane@example.com"],
* "condition": {
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }])
* policy = gcp.storage.BucketIAMPolicy("policy",
* bucket=default["name"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* });
* var policy = new Gcp.Storage.BucketIAMPolicy("policy", new()
* {
* Bucket = @default.Name,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/storage.admin",
* Members: []string{
* "user:[email protected] ",
* },
* Condition: {
* Title: "expires_after_2019_12_31",
* Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
* Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{
* Bucket: pulumi.Any(_default.Name),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.storage.BucketIAMPolicy;
* import com.pulumi.gcp.storage.BucketIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .condition(GetIAMPolicyBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build())
* .build());
* var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder()
* .bucket(default_.name())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:storage:BucketIAMPolicy
* properties:
* bucket: ${default.name}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/storage.admin
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.storage.BucketIAMBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.storage.BucketIAMBinding("binding", {
* bucket: _default.name,
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.storage.BucketIAMBinding("binding",
* bucket=default["name"],
* role="roles/storage.admin",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Storage.BucketIAMBinding("binding", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMBinding;
* import com.pulumi.gcp.storage.BucketIAMBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:storage:BucketIAMBinding
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.storage.BucketIAMBinding("binding", {
* bucket: _default.name,
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.storage.BucketIAMBinding("binding",
* bucket=default["name"],
* role="roles/storage.admin",
* members=["user:jane@example.com"],
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Storage.BucketIAMBinding("binding", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* Condition: &storage.BucketIAMBindingConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMBinding;
* import com.pulumi.gcp.storage.BucketIAMBindingArgs;
* import com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .condition(BucketIAMBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:storage:BucketIAMBinding
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.storage.BucketIAMMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.storage.BucketIAMMember("member", {
* bucket: _default.name,
* role: "roles/storage.admin",
* member: "user:[email protected] ",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.storage.BucketIAMMember("member",
* bucket=default["name"],
* role="roles/storage.admin",
* member="user:[email protected] ")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Storage.BucketIAMMember("member", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Member = "user:[email protected] ",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Member: pulumi.String("user:[email protected] "),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMMember;
* import com.pulumi.gcp.storage.BucketIAMMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .member("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:storage:BucketIAMMember
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* member: user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.storage.BucketIAMMember("member", {
* bucket: _default.name,
* role: "roles/storage.admin",
* member: "user:[email protected] ",
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.storage.BucketIAMMember("member",
* bucket=default["name"],
* role="roles/storage.admin",
* member="user:[email protected] ",
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Storage.BucketIAMMember("member", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Member = "user:[email protected] ",
* Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Member: pulumi.String("user:[email protected] "),
* Condition: &storage.BucketIAMMemberConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMMember;
* import com.pulumi.gcp.storage.BucketIAMMemberArgs;
* import com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .member("user:[email protected] ")
* .condition(BucketIAMMemberConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:storage:BucketIAMMember
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* member: user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## This resource supports User Project Overrides.
* -
* # IAM policy for Cloud Storage Bucket
* Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:
* * `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.
* * `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.
* * `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.
* A data source can be used to retrieve policy data in advent you do not need creation
* * `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket
* > **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.
* > **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.
* > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
* ## gcp.storage.BucketIAMPolicy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* }],
* });
* const policy = new gcp.storage.BucketIAMPolicy("policy", {
* bucket: _default.name,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/storage.admin",
* "members": ["user:jane@example.com"],
* }])
* policy = gcp.storage.BucketIAMPolicy("policy",
* bucket=default["name"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* },
* },
* });
* var policy = new Gcp.Storage.BucketIAMPolicy("policy", new()
* {
* Bucket = @default.Name,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/storage.admin",
* Members: []string{
* "user:[email protected] ",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{
* Bucket: pulumi.Any(_default.Name),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.storage.BucketIAMPolicy;
* import com.pulumi.gcp.storage.BucketIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .build())
* .build());
* var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder()
* .bucket(default_.name())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:storage:BucketIAMPolicy
* properties:
* bucket: ${default.name}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/storage.admin
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }],
* });
* const policy = new gcp.storage.BucketIAMPolicy("policy", {
* bucket: _default.name,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[{
* "role": "roles/storage.admin",
* "members": ["user:jane@example.com"],
* "condition": {
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }])
* policy = gcp.storage.BucketIAMPolicy("policy",
* bucket=default["name"],
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* });
* var policy = new Gcp.Storage.BucketIAMPolicy("policy", new()
* {
* Bucket = @default.Name,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/storage.admin",
* Members: []string{
* "user:[email protected] ",
* },
* Condition: {
* Title: "expires_after_2019_12_31",
* Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
* Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{
* Bucket: pulumi.Any(_default.Name),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.storage.BucketIAMPolicy;
* import com.pulumi.gcp.storage.BucketIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .condition(GetIAMPolicyBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build())
* .build());
* var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder()
* .bucket(default_.name())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:storage:BucketIAMPolicy
* properties:
* bucket: ${default.name}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/storage.admin
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.storage.BucketIAMBinding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.storage.BucketIAMBinding("binding", {
* bucket: _default.name,
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.storage.BucketIAMBinding("binding",
* bucket=default["name"],
* role="roles/storage.admin",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Storage.BucketIAMBinding("binding", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMBinding;
* import com.pulumi.gcp.storage.BucketIAMBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:storage:BucketIAMBinding
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const binding = new gcp.storage.BucketIAMBinding("binding", {
* bucket: _default.name,
* role: "roles/storage.admin",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* binding = gcp.storage.BucketIAMBinding("binding",
* bucket=default["name"],
* role="roles/storage.admin",
* members=["user:jane@example.com"],
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var binding = new Gcp.Storage.BucketIAMBinding("binding", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Members = new[]
* {
* "user:[email protected] ",
* },
* Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected] "),
* },
* Condition: &storage.BucketIAMBindingConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMBinding;
* import com.pulumi.gcp.storage.BucketIAMBindingArgs;
* import com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .members("user:[email protected] ")
* .condition(BucketIAMBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* binding:
* type: gcp:storage:BucketIAMBinding
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## gcp.storage.BucketIAMMember
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.storage.BucketIAMMember("member", {
* bucket: _default.name,
* role: "roles/storage.admin",
* member: "user:[email protected] ",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.storage.BucketIAMMember("member",
* bucket=default["name"],
* role="roles/storage.admin",
* member="user:[email protected] ")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Storage.BucketIAMMember("member", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Member = "user:[email protected] ",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Member: pulumi.String("user:[email protected] "),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMMember;
* import com.pulumi.gcp.storage.BucketIAMMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .member("user:[email protected] ")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:storage:BucketIAMMember
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* member: user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const member = new gcp.storage.BucketIAMMember("member", {
* bucket: _default.name,
* role: "roles/storage.admin",
* member: "user:[email protected] ",
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* member = gcp.storage.BucketIAMMember("member",
* bucket=default["name"],
* role="roles/storage.admin",
* member="user:[email protected] ",
* condition={
* "title": "expires_after_2019_12_31",
* "description": "Expiring at midnight of 2019-12-31",
* "expression": "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var member = new Gcp.Storage.BucketIAMMember("member", new()
* {
* Bucket = @default.Name,
* Role = "roles/storage.admin",
* Member = "user:[email protected] ",
* Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{
* Bucket: pulumi.Any(_default.Name),
* Role: pulumi.String("roles/storage.admin"),
* Member: pulumi.String("user:[email protected] "),
* Condition: &storage.BucketIAMMemberConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.storage.BucketIAMMember;
* import com.pulumi.gcp.storage.BucketIAMMemberArgs;
* import com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder()
* .bucket(default_.name())
* .role("roles/storage.admin")
* .member("user:[email protected] ")
* .condition(BucketIAMMemberConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* member:
* type: gcp:storage:BucketIAMMember
* properties:
* bucket: ${default.name}
* role: roles/storage.admin
* member: user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## Import
* For all import syntaxes, the "resource in question" can take any of the following forms:
* * b/{{name}}
* * {{name}}
* Any variables not passed in the import command will be taken from the provider configuration.
* Cloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.
* IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
* ```sh
* $ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor "b/{{bucket}} roles/storage.objectViewer user:[email protected] "
* ```
* IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
* ```sh
* $ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor "b/{{bucket}} roles/storage.objectViewer"
* ```
* IAM policy imports use the identifier of the resource in question, e.g.
* ```sh
* $ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor b/{{bucket}}
* ```
* -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
* full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
* @property bucket Used to find the parent resource to bind the IAM policy to
* @property condition An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
* @property members Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
* @property role The role that should be applied. Only one
* `gcp.storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
public data class BucketIAMBindingArgs(
public val bucket: Output? = null,
public val condition: Output? = null,
public val members: Output>? = null,
public val role: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.storage.BucketIAMBindingArgs =
com.pulumi.gcp.storage.BucketIAMBindingArgs.builder()
.bucket(bucket?.applyValue({ args0 -> args0 }))
.condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.members(members?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.role(role?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [BucketIAMBindingArgs].
*/
@PulumiTagMarker
public class BucketIAMBindingArgsBuilder internal constructor() {
private var bucket: Output? = null
private var condition: Output? = null
private var members: Output>? = null
private var role: Output? = null
/**
* @param value Used to find the parent resource to bind the IAM policy to
*/
@JvmName("fnmoqvsghceanwyy")
public suspend fun bucket(`value`: Output) {
this.bucket = value
}
/**
* @param value An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
*/
@JvmName("lnvpmyctyietbans")
public suspend fun condition(`value`: Output) {
this.condition = value
}
/**
* @param value Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("ltwnheygayqydjhc")
public suspend fun members(`value`: Output>) {
this.members = value
}
@JvmName("efnfrakegcntagsm")
public suspend fun members(vararg values: Output) {
this.members = Output.all(values.asList())
}
/**
* @param values Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("ftbgookgkenuwuio")
public suspend fun members(values: List>) {
this.members = Output.all(values)
}
/**
* @param value The role that should be applied. Only one
* `gcp.storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
@JvmName("jkilwehyvbpjevpp")
public suspend fun role(`value`: Output) {
this.role = value
}
/**
* @param value Used to find the parent resource to bind the IAM policy to
*/
@JvmName("blowlstwqudlaahj")
public suspend fun bucket(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.bucket = mapped
}
/**
* @param value An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
*/
@JvmName("olvobxsytjoxsoem")
public suspend fun condition(`value`: BucketIAMBindingConditionArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.condition = mapped
}
/**
* @param argument An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
*/
@JvmName("qrjqapcgcaglohvb")
public suspend fun condition(argument: suspend BucketIAMBindingConditionArgsBuilder.() -> Unit) {
val toBeMapped = BucketIAMBindingConditionArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.condition = mapped
}
/**
* @param value Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("opihlpdhrjothwqc")
public suspend fun members(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.members = mapped
}
/**
* @param values Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected] .
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected] .
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected] .
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
* * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
* * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
* * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
*/
@JvmName("rayevillrxifjauu")
public suspend fun members(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.members = mapped
}
/**
* @param value The role that should be applied. Only one
* `gcp.storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
@JvmName("snohunljmwfhubyr")
public suspend fun role(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.role = mapped
}
internal fun build(): BucketIAMBindingArgs = BucketIAMBindingArgs(
bucket = bucket,
condition = condition,
members = members,
role = role,
)
}
