com.pulumi.gcp.iam.kotlin.ProjectsPolicyBindingArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.iam.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.iam.ProjectsPolicyBindingArgs.builder
import com.pulumi.gcp.iam.kotlin.inputs.ProjectsPolicyBindingConditionArgs
import com.pulumi.gcp.iam.kotlin.inputs.ProjectsPolicyBindingConditionArgsBuilder
import com.pulumi.gcp.iam.kotlin.inputs.ProjectsPolicyBindingTargetArgs
import com.pulumi.gcp.iam.kotlin.inputs.ProjectsPolicyBindingTargetArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* A policy binding to a Project
* To get more information about ProjectsPolicyBinding, see:
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/projects.locations.policyBindings)
* * How-to Guides
* * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
* ## Example Usage
* ### Iam Projects Policy Binding
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const project = gcp.organizations.getProject({});
* const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
* organization: "123456789",
* location: "global",
* displayName: "test project binding",
* principalAccessBoundaryPolicyId: "my-pab-policy",
* });
* const my_project_binding = new gcp.iam.ProjectsPolicyBinding("my-project-binding", {
* project: project.then(project => project.projectId),
* location: "global",
* displayName: "test project binding",
* policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
* policyBindingId: "test-project-binding",
* policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,
* target: {
* principalSet: project.then(project => `//cloudresourcemanager.googleapis.com/projects/${project.projectId}`),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* project = gcp.organizations.get_project()
* pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
* organization="123456789",
* location="global",
* display_name="test project binding",
* principal_access_boundary_policy_id="my-pab-policy")
* my_project_binding = gcp.iam.ProjectsPolicyBinding("my-project-binding",
* project=project.project_id,
* location="global",
* display_name="test project binding",
* policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
* policy_binding_id="test-project-binding",
* policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
* target={
* "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var project = Gcp.Organizations.GetProject.Invoke();
* var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new()
* {
* Organization = "123456789",
* Location = "global",
* DisplayName = "test project binding",
* PrincipalAccessBoundaryPolicyId = "my-pab-policy",
* });
* var my_project_binding = new Gcp.Iam.ProjectsPolicyBinding("my-project-binding", new()
* {
* Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
* Location = "global",
* DisplayName = "test project binding",
* PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
* PolicyBindingId = "test-project-binding",
* Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}"),
* Target = new Gcp.Iam.Inputs.ProjectsPolicyBindingTargetArgs
* {
* PrincipalSet = $"//cloudresourcemanager.googleapis.com/projects/{project.Apply(getProjectResult => getProjectResult.ProjectId)}",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
* "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
* if err != nil {
* return err
* }
* pabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
* Organization: pulumi.String("123456789"),
* Location: pulumi.String("global"),
* DisplayName: pulumi.String("test project binding"),
* PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewProjectsPolicyBinding(ctx, "my-project-binding", &iam.ProjectsPolicyBindingArgs{
* Project: pulumi.String(project.ProjectId),
* Location: pulumi.String("global"),
* DisplayName: pulumi.String("test project binding"),
* PolicyKind: pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
* PolicyBindingId: pulumi.String("test-project-binding"),
* Policy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {
* return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", principalAccessBoundaryPolicyId), nil
* }).(pulumi.StringOutput),
* Target: &iam.ProjectsPolicyBindingTargetArgs{
* PrincipalSet: pulumi.Sprintf("//cloudresourcemanager.googleapis.com/projects/%v", project.ProjectId),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
* import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
* import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
* import com.pulumi.gcp.iam.ProjectsPolicyBinding;
* import com.pulumi.gcp.iam.ProjectsPolicyBindingArgs;
* import com.pulumi.gcp.iam.inputs.ProjectsPolicyBindingTargetArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var project = OrganizationsFunctions.getProject();
* var pabPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
* .organization("123456789")
* .location("global")
* .displayName("test project binding")
* .principalAccessBoundaryPolicyId("my-pab-policy")
* .build());
* var my_project_binding = new ProjectsPolicyBinding("my-project-binding", ProjectsPolicyBindingArgs.builder()
* .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
* .location("global")
* .displayName("test project binding")
* .policyKind("PRINCIPAL_ACCESS_BOUNDARY")
* .policyBindingId("test-project-binding")
* .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", principalAccessBoundaryPolicyId)))
* .target(ProjectsPolicyBindingTargetArgs.builder()
* .principalSet(String.format("//cloudresourcemanager.googleapis.com/projects/%s", project.applyValue(getProjectResult -> getProjectResult.projectId())))
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pabPolicy:
* type: gcp:iam:PrincipalAccessBoundaryPolicy
* name: pab_policy
* properties:
* organization: '123456789'
* location: global
* displayName: test project binding
* principalAccessBoundaryPolicyId: my-pab-policy
* my-project-binding:
* type: gcp:iam:ProjectsPolicyBinding
* properties:
* project: ${project.projectId}
* location: global
* displayName: test project binding
* policyKind: PRINCIPAL_ACCESS_BOUNDARY
* policyBindingId: test-project-binding
* policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
* target:
* principalSet: //cloudresourcemanager.googleapis.com/projects/${project.projectId}
* variables:
* project:
* fn::invoke:
* function: gcp:organizations:getProject
* arguments: {}
* ```
*
* ## Import
* ProjectsPolicyBinding can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`
* * `{{project}}/{{location}}/{{policy_binding_id}}`
* * `{{location}}/{{policy_binding_id}}`
* When using the `pulumi import` command, ProjectsPolicyBinding can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
* ```
* ```sh
* $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default {{project}}/{{location}}/{{policy_binding_id}}
* ```
* ```sh
* $ pulumi import gcp:iam/projectsPolicyBinding:ProjectsPolicyBinding default {{location}}/{{policy_binding_id}}
* ```
* @property annotations Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
* @property condition Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
* @property displayName Optional. The description of the policy binding. Must be less than or equal to 63 characters.
* @property location The location of the Policy Binding
* @property policy Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
* @property policyBindingId The Policy Binding ID.
* @property policyKind Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
* @property project
* @property target Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
public data class ProjectsPolicyBindingArgs(
public val annotations: Output>? = null,
public val condition: Output? = null,
public val displayName: Output? = null,
public val location: Output? = null,
public val policy: Output? = null,
public val policyBindingId: Output? = null,
public val policyKind: Output? = null,
public val project: Output? = null,
public val target: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.iam.ProjectsPolicyBindingArgs =
com.pulumi.gcp.iam.ProjectsPolicyBindingArgs.builder()
.annotations(
annotations?.applyValue({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}),
)
.condition(condition?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.displayName(displayName?.applyValue({ args0 -> args0 }))
.location(location?.applyValue({ args0 -> args0 }))
.policy(policy?.applyValue({ args0 -> args0 }))
.policyBindingId(policyBindingId?.applyValue({ args0 -> args0 }))
.policyKind(policyKind?.applyValue({ args0 -> args0 }))
.project(project?.applyValue({ args0 -> args0 }))
.target(target?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) })).build()
}
/**
* Builder for [ProjectsPolicyBindingArgs].
*/
@PulumiTagMarker
public class ProjectsPolicyBindingArgsBuilder internal constructor() {
private var annotations: Output>? = null
private var condition: Output? = null
private var displayName: Output? = null
private var location: Output? = null
private var policy: Output? = null
private var policyBindingId: Output? = null
private var policyKind: Output? = null
private var project: Output? = null
private var target: Output? = null
/**
* @param value Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("ksxlevltfewdcgxn")
public suspend fun annotations(`value`: Output>) {
this.annotations = value
}
/**
* @param value Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("vmokicxhhikaljop")
public suspend fun condition(`value`: Output) {
this.condition = value
}
/**
* @param value Optional. The description of the policy binding. Must be less than or equal to 63 characters.
*/
@JvmName("apmtjyyjilteddgs")
public suspend fun displayName(`value`: Output) {
this.displayName = value
}
/**
* @param value The location of the Policy Binding
*/
@JvmName("ebfnpyhjktwoamrt")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
*/
@JvmName("pnegayirrfrvikek")
public suspend fun policy(`value`: Output) {
this.policy = value
}
/**
* @param value The Policy Binding ID.
*/
@JvmName("ekgataiebmaxyhwh")
public suspend fun policyBindingId(`value`: Output) {
this.policyBindingId = value
}
/**
* @param value Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
*/
@JvmName("hrwcpaaajocsdjbq")
public suspend fun policyKind(`value`: Output) {
this.policyKind = value
}
/**
* @param value
*/
@JvmName("kqssylrlxygvjbyo")
public suspend fun project(`value`: Output) {
this.project = value
}
/**
* @param value Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("gfsvghtuhnfccdtg")
public suspend fun target(`value`: Output) {
this.target = value
}
/**
* @param value Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("mtxsxaonjmddpbcf")
public suspend fun annotations(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.annotations = mapped
}
/**
* @param values Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size
* limitations **Note**: This field is non-authoritative, and will only manage the annotations present in your
* configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
*/
@JvmName("deeusonptiyrgffk")
public fun annotations(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.annotations = mapped
}
/**
* @param value Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("kdetarusyrvmvsqd")
public suspend fun condition(`value`: ProjectsPolicyBindingConditionArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.condition = mapped
}
/**
* @param argument Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The
* syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary
* size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() <
* 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\"
* expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description:
* \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type
* != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string
* with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and
* functions that may be referenced within an expression are determined by the service that evaluates it. See the service
* documentation for additional information.
*/
@JvmName("jtvyhebutjkdcevv")
public suspend fun condition(argument: suspend ProjectsPolicyBindingConditionArgsBuilder.() -> Unit) {
val toBeMapped = ProjectsPolicyBindingConditionArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.condition = mapped
}
/**
* @param value Optional. The description of the policy binding. Must be less than or equal to 63 characters.
*/
@JvmName("lwqmnceyvcedyuut")
public suspend fun displayName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.displayName = mapped
}
/**
* @param value The location of the Policy Binding
*/
@JvmName("psemfecbrpnackdd")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
*/
@JvmName("tilpaigqrqegbctf")
public suspend fun policy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policy = mapped
}
/**
* @param value The Policy Binding ID.
*/
@JvmName("uwtnxqklyxkqyvcb")
public suspend fun policyBindingId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyBindingId = mapped
}
/**
* @param value Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will
* be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED
* PRINCIPAL_ACCESS_BOUNDARY ACCESS
*/
@JvmName("xynlacooapoaetmv")
public suspend fun policyKind(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyKind = mapped
}
/**
* @param value
*/
@JvmName("rpsncnaedfmnxrlf")
public suspend fun project(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.project = mapped
}
/**
* @param value Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("xnlucojgmstuyqqm")
public suspend fun target(`value`: ProjectsPolicyBindingTargetArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.target = mapped
}
/**
* @param argument Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
* Structure is documented below.
*/
@JvmName("wtggoglcfjgjmspi")
public suspend fun target(argument: suspend ProjectsPolicyBindingTargetArgsBuilder.() -> Unit) {
val toBeMapped = ProjectsPolicyBindingTargetArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.target = mapped
}
internal fun build(): ProjectsPolicyBindingArgs = ProjectsPolicyBindingArgs(
annotations = annotations,
condition = condition,
displayName = displayName,
location = location,
policy = policy,
policyBindingId = policyBindingId,
policyKind = policyKind,
project = project,
target = target,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy