com.pulumi.gcp.iam.kotlin.OrganizationsPolicyBindingArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.iam.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs.builder
import com.pulumi.gcp.iam.kotlin.inputs.OrganizationsPolicyBindingConditionArgs
import com.pulumi.gcp.iam.kotlin.inputs.OrganizationsPolicyBindingConditionArgsBuilder
import com.pulumi.gcp.iam.kotlin.inputs.OrganizationsPolicyBindingTargetArgs
import com.pulumi.gcp.iam.kotlin.inputs.OrganizationsPolicyBindingTargetArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* A policy binding to an organizations
* To get more information about OrganizationsPolicyBinding, see:
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.policyBindings)
* * How-to Guides
* * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
* ## Example Usage
* ### Iam Organizations Policy Binding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
* organization: "123456789",
* location: "global",
* displayName: "test org binding",
* principalAccessBoundaryPolicyId: "my-pab-policy",
* });
* const my_org_binding = new gcp.iam.OrganizationsPolicyBinding("my-org-binding", {
* organization: "123456789",
* location: "global",
* displayName: "test org binding",
* policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
* policyBindingId: "test-org-binding",
* policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,
* target: {
* principalSet: "//cloudresourcemanager.googleapis.com/organizations/123456789",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
* organization="123456789",
* location="global",
* display_name="test org binding",
* principal_access_boundary_policy_id="my-pab-policy")
* my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
* organization="123456789",
* location="global",
* display_name="test org binding",
* policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
* policy_binding_id="test-org-binding",
* policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
* target={
* "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new()
* {
* Organization = "123456789",
* Location = "global",
* DisplayName = "test org binding",
* PrincipalAccessBoundaryPolicyId = "my-pab-policy",
* });
* var my_org_binding = new Gcp.Iam.OrganizationsPolicyBinding("my-org-binding", new()
* {
* Organization = "123456789",
* Location = "global",
* DisplayName = "test org binding",
* PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
* PolicyBindingId = "test-org-binding",
* Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}"),
* Target = new Gcp.Iam.Inputs.OrganizationsPolicyBindingTargetArgs
* {
* PrincipalSet = "//cloudresourcemanager.googleapis.com/organizations/123456789",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
* Organization: pulumi.String("123456789"),
* Location: pulumi.String("global"),
* DisplayName: pulumi.String("test org binding"),
* PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewOrganizationsPolicyBinding(ctx, "my-org-binding", &iam.OrganizationsPolicyBindingArgs{
* Organization: pulumi.String("123456789"),
* Location: pulumi.String("global"),
* DisplayName: pulumi.String("test org binding"),
* PolicyKind: pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
* PolicyBindingId: pulumi.String("test-org-binding"),
* Policy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {
* return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", principalAccessBoundaryPolicyId), nil
* }).(pulumi.StringOutput),
* Target: &iam.OrganizationsPolicyBindingTargetArgs{
* PrincipalSet: pulumi.String("//cloudresourcemanager.googleapis.com/organizations/123456789"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
* import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
* import com.pulumi.gcp.iam.OrganizationsPolicyBinding;
* import com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs;
* import com.pulumi.gcp.iam.inputs.OrganizationsPolicyBindingTargetArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pabPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
* .organization("123456789")
* .location("global")
* .displayName("test org binding")
* .principalAccessBoundaryPolicyId("my-pab-policy")
* .build());
* var my_org_binding = new OrganizationsPolicyBinding("my-org-binding", OrganizationsPolicyBindingArgs.builder()
* .organization("123456789")
* .location("global")
* .displayName("test org binding")
* .policyKind("PRINCIPAL_ACCESS_BOUNDARY")
* .policyBindingId("test-org-binding")
* .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", principalAccessBoundaryPolicyId)))
* .target(OrganizationsPolicyBindingTargetArgs.builder()
* .principalSet("//cloudresourcemanager.googleapis.com/organizations/123456789")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pabPolicy:
* type: gcp:iam:PrincipalAccessBoundaryPolicy
* name: pab_policy
* properties:
* organization: '123456789'
* location: global
* displayName: test org binding
* principalAccessBoundaryPolicyId: my-pab-policy
* my-org-binding:
* type: gcp:iam:OrganizationsPolicyBinding
* properties:
* organization: '123456789'
* location: global
* displayName: test org binding
* policyKind: PRINCIPAL_ACCESS_BOUNDARY
* policyBindingId: test-org-binding
* policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
* target:
* principalSet: //cloudresourcemanager.googleapis.com/organizations/123456789
* ```
*
* ## Import
* OrganizationsPolicyBinding can be imported using any of these accepted formats:
* * `organizations/{{organization}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`
* * `{{organization}}/{{location}}/{{policy_binding_id}}`
* When using the `pulumi import` command, OrganizationsPolicyBinding can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:iam/organizationsPolicyBinding:OrganizationsPolicyBinding default organizations/{{organization}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
* ```
* ```sh
* $ pulumi import gcp:iam/organizationsPolicyBinding:OrganizationsPolicyBinding default {{organization}}/{{location}}/{{policy_binding_id}}
* ```
* @property annotations Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
* @property condition Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
* @property displayName Optional. The description of the policy binding. Must be less than or equal to 63 characters.
* @property location The location of the Policy Binding
* @property organization The parent organization of the Policy Binding.
* @property policy Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
* @property policyBindingId The Policy Binding ID.
* @property policyKind Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
* @property target Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
public data class OrganizationsPolicyBindingArgs(
public val annotations: Output>? = null,
public val condition: Output? = null,
public val displayName: Output? = null,
public val location: Output? = null,
public val organization: Output? = null,
public val policy: Output? = null,
public val policyBindingId: Output? = null,
public val policyKind: Output? = null,
public val target: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs =
com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs.builder()
.annotations(
annotations?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
)
.condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.displayName(displayName?.applyValue({ args0 -> args0 }))
.location(location?.applyValue({ args0 -> args0 }))
.organization(organization?.applyValue({ args0 -> args0 }))
.policy(policy?.applyValue({ args0 -> args0 }))
.policyBindingId(policyBindingId?.applyValue({ args0 -> args0 }))
.policyKind(policyKind?.applyValue({ args0 -> args0 }))
.target(target?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) })).build()
}
/**
* Builder for [OrganizationsPolicyBindingArgs].
*/
@PulumiTagMarker
public class OrganizationsPolicyBindingArgsBuilder internal constructor() {
private var annotations: Output>? = null
private var condition: Output? = null
private var displayName: Output? = null
private var location: Output? = null
private var organization: Output? = null
private var policy: Output? = null
private var policyBindingId: Output? = null
private var policyKind: Output? = null
private var target: Output? = null
/**
* @param value Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("wprcfvpcusnxlysv")
public suspend fun annotations(`value`: Output>) {
this.annotations = value
}
/**
* @param value Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("ryckeinswatysvqn")
public suspend fun condition(`value`: Output) {
this.condition = value
}
/**
* @param value Optional. The description of the policy binding. Must be less than or equal to 63 characters.
*/
@JvmName("hgcunwgdadmwvwuv")
public suspend fun displayName(`value`: Output) {
this.displayName = value
}
/**
* @param value The location of the Policy Binding
*/
@JvmName("ybdtgalerbjphmsh")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value The parent organization of the Policy Binding.
*/
@JvmName("pgtewqenandobmbf")
public suspend fun organization(`value`: Output) {
this.organization = value
}
/**
* @param value Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
*/
@JvmName("xaonrtuosgkogtig")
public suspend fun policy(`value`: Output) {
this.policy = value
}
/**
* @param value The Policy Binding ID.
*/
@JvmName("yyctnpalhxpmgmas")
public suspend fun policyBindingId(`value`: Output) {
this.policyBindingId = value
}
/**
* @param value Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
*/
@JvmName("sfwomqrksodpxfus")
public suspend fun policyKind(`value`: Output) {
this.policyKind = value
}
/**
* @param value Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("anjpwfltpqophkvj")
public suspend fun target(`value`: Output) {
this.target = value
}
/**
* @param value Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("hcooophncywssqdm")
public suspend fun annotations(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.annotations = mapped
}
/**
* @param values Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("vsaqlxjgbebgsysr")
public fun annotations(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.annotations = mapped
}
/**
* @param value Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("bhnpjfucnrwrspor")
public suspend fun condition(`value`: OrganizationsPolicyBindingConditionArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.condition = mapped
}
/**
* @param argument Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("kiaoehaxomltntsc")
public suspend fun condition(argument: suspend OrganizationsPolicyBindingConditionArgsBuilder.() -> Unit) {
val toBeMapped = OrganizationsPolicyBindingConditionArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.condition = mapped
}
/**
* @param value Optional. The description of the policy binding. Must be less than or equal to 63 characters.
*/
@JvmName("qmbduvvytaxhmddd")
public suspend fun displayName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.displayName = mapped
}
/**
* @param value The location of the Policy Binding
*/
@JvmName("oiujcmeshjckbyoh")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value The parent organization of the Policy Binding.
*/
@JvmName("aehygptukcsgpber")
public suspend fun organization(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.organization = mapped
}
/**
* @param value Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
*/
@JvmName("ifcbeutojuihpvfy")
public suspend fun policy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policy = mapped
}
/**
* @param value The Policy Binding ID.
*/
@JvmName("jscuvlejetpajipg")
public suspend fun policyBindingId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyBindingId = mapped
}
/**
* @param value Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
*/
@JvmName("epghcrygwrmixmyn")
public suspend fun policyKind(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyKind = mapped
}
/**
* @param value Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("nnlwolucqumneurd")
public suspend fun target(`value`: OrganizationsPolicyBindingTargetArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.target = mapped
}
/**
* @param argument Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("kwspxcxaluugsjxj")
public suspend fun target(argument: suspend OrganizationsPolicyBindingTargetArgsBuilder.() -> Unit) {
val toBeMapped = OrganizationsPolicyBindingTargetArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.target = mapped
}
internal fun build(): OrganizationsPolicyBindingArgs = OrganizationsPolicyBindingArgs(
annotations = annotations,
condition = condition,
displayName = displayName,
location = location,
organization = organization,
policy = policy,
policyBindingId = policyBindingId,
policyKind = policyKind,
target = target,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy