@pulumi/gcp 6.15.0 → 6.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/billing/accountIamBinding.d.ts +105 -0
- package/billing/accountIamBinding.js +75 -0
- package/billing/accountIamBinding.js.map +1 -1
- package/billing/accountIamMember.d.ts +105 -0
- package/billing/accountIamMember.js +75 -0
- package/billing/accountIamMember.js.map +1 -1
- package/billing/accountIamPolicy.d.ts +99 -0
- package/billing/accountIamPolicy.js +75 -0
- package/billing/accountIamPolicy.js.map +1 -1
- package/cloudfunctions/functionIamBinding.d.ts +142 -0
- package/cloudfunctions/functionIamBinding.js +85 -0
- package/cloudfunctions/functionIamBinding.js.map +1 -1
- package/cloudfunctions/functionIamMember.d.ts +142 -0
- package/cloudfunctions/functionIamMember.js +85 -0
- package/cloudfunctions/functionIamMember.js.map +1 -1
- package/cloudfunctions/functionIamPolicy.d.ts +139 -0
- package/cloudfunctions/functionIamPolicy.js +85 -0
- package/cloudfunctions/functionIamPolicy.js.map +1 -1
- package/compute/backendServiceIamBinding.d.ts +79 -0
- package/compute/backendServiceIamBinding.js +25 -0
- package/compute/backendServiceIamBinding.js.map +1 -1
- package/compute/backendServiceIamMember.d.ts +79 -0
- package/compute/backendServiceIamMember.js +25 -0
- package/compute/backendServiceIamMember.js.map +1 -1
- package/compute/backendServiceIamPolicy.d.ts +64 -0
- package/compute/backendServiceIamPolicy.js +25 -0
- package/compute/backendServiceIamPolicy.js.map +1 -1
- package/compute/mangedSslCertificate.d.ts +157 -27
- package/compute/mangedSslCertificate.js +97 -0
- package/compute/mangedSslCertificate.js.map +1 -1
- package/compute/regionBackendServiceIamBinding.d.ts +100 -0
- package/compute/regionBackendServiceIamBinding.js +25 -0
- package/compute/regionBackendServiceIamBinding.js.map +1 -1
- package/compute/regionBackendServiceIamMember.d.ts +100 -0
- package/compute/regionBackendServiceIamMember.js +25 -0
- package/compute/regionBackendServiceIamMember.js.map +1 -1
- package/compute/regionBackendServiceIamPolicy.d.ts +85 -0
- package/compute/regionBackendServiceIamPolicy.js +25 -0
- package/compute/regionBackendServiceIamPolicy.js.map +1 -1
- package/datacatalog/tagTemplateIamBinding.d.ts +121 -0
- package/datacatalog/tagTemplateIamBinding.js +79 -0
- package/datacatalog/tagTemplateIamBinding.js.map +1 -1
- package/datacatalog/tagTemplateIamMember.d.ts +121 -0
- package/datacatalog/tagTemplateIamMember.js +79 -0
- package/datacatalog/tagTemplateIamMember.js.map +1 -1
- package/datacatalog/tagTemplateIamPolicy.d.ts +118 -0
- package/datacatalog/tagTemplateIamPolicy.js +79 -0
- package/datacatalog/tagTemplateIamPolicy.js.map +1 -1
- package/folder/iamAuditConfig.d.ts +200 -8
- package/folder/iamAuditConfig.js +183 -0
- package/folder/iamAuditConfig.js.map +1 -1
- package/folder/iammember.d.ts +225 -0
- package/folder/iammember.js +183 -0
- package/folder/iammember.js.map +1 -1
- package/folder/iampolicy.d.ts +213 -0
- package/folder/iampolicy.js +183 -0
- package/folder/iampolicy.js.map +1 -1
- package/kms/registry.d.ts +149 -18
- package/kms/registry.js +89 -0
- package/kms/registry.js.map +1 -1
- package/monitoring/getSecretVersion.d.ts +52 -0
- package/monitoring/getSecretVersion.js +14 -0
- package/monitoring/getSecretVersion.js.map +1 -1
- package/organizations/iammember.d.ts +228 -3
- package/organizations/iammember.js +186 -0
- package/organizations/iammember.js.map +1 -1
- package/organizations/iampolicy.d.ts +216 -3
- package/organizations/iampolicy.js +186 -0
- package/organizations/iampolicy.js.map +1 -1
- package/package.json +2 -2
- package/package.json.dev +2 -2
- package/sourcerepo/getRepository.d.ts +29 -0
- package/sourcerepo/getRepository.js +17 -0
- package/sourcerepo/getRepository.js.map +1 -1
- package/types/input.d.ts +77 -0
- package/types/output.d.ts +77 -0
|
@@ -1,5 +1,80 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
import { input as inputs, output as outputs } from "../types";
|
|
3
|
+
/**
|
|
4
|
+
* Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
|
|
5
|
+
*
|
|
6
|
+
* * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
|
|
7
|
+
* * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
|
|
8
|
+
* * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
|
|
9
|
+
*
|
|
10
|
+
* > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
|
|
11
|
+
*
|
|
12
|
+
* > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
|
|
13
|
+
*
|
|
14
|
+
* ## google\_billing\_account\_iam\_policy
|
|
15
|
+
*
|
|
16
|
+
* ```typescript
|
|
17
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
18
|
+
* import * as gcp from "@pulumi/gcp";
|
|
19
|
+
*
|
|
20
|
+
* const admin = gcp.organizations.getIAMPolicy({
|
|
21
|
+
* bindings: [{
|
|
22
|
+
* role: "roles/billing.viewer",
|
|
23
|
+
* members: ["user:jane@example.com"],
|
|
24
|
+
* }],
|
|
25
|
+
* });
|
|
26
|
+
* const editor = new gcp.billing.AccountIamPolicy("editor", {
|
|
27
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
28
|
+
* policyData: admin.then(admin => admin.policyData),
|
|
29
|
+
* });
|
|
30
|
+
* ```
|
|
31
|
+
*
|
|
32
|
+
* ## google\_billing\_account\_iam\_binding
|
|
33
|
+
*
|
|
34
|
+
* ```typescript
|
|
35
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
36
|
+
* import * as gcp from "@pulumi/gcp";
|
|
37
|
+
*
|
|
38
|
+
* const editor = new gcp.billing.AccountIamBinding("editor", {
|
|
39
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
40
|
+
* members: ["user:jane@example.com"],
|
|
41
|
+
* role: "roles/billing.viewer",
|
|
42
|
+
* });
|
|
43
|
+
* ```
|
|
44
|
+
*
|
|
45
|
+
* ## google\_billing\_account\_iam\_member
|
|
46
|
+
*
|
|
47
|
+
* ```typescript
|
|
48
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
49
|
+
* import * as gcp from "@pulumi/gcp";
|
|
50
|
+
*
|
|
51
|
+
* const editor = new gcp.billing.AccountIamMember("editor", {
|
|
52
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
53
|
+
* member: "user:jane@example.com",
|
|
54
|
+
* role: "roles/billing.viewer",
|
|
55
|
+
* });
|
|
56
|
+
* ```
|
|
57
|
+
*
|
|
58
|
+
* ## Import
|
|
59
|
+
*
|
|
60
|
+
* Instance IAM resources can be imported using the project, table name, role and/or member.
|
|
61
|
+
*
|
|
62
|
+
* ```sh
|
|
63
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id"
|
|
64
|
+
* ```
|
|
65
|
+
*
|
|
66
|
+
* ```sh
|
|
67
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user"
|
|
68
|
+
* ```
|
|
69
|
+
*
|
|
70
|
+
* ```sh
|
|
71
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user user:jane@example.com"
|
|
72
|
+
* ```
|
|
73
|
+
*
|
|
74
|
+
* -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
|
|
75
|
+
*
|
|
76
|
+
* full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
|
|
77
|
+
*/
|
|
3
78
|
export declare class AccountIamBinding extends pulumi.CustomResource {
|
|
4
79
|
/**
|
|
5
80
|
* Get an existing AccountIamBinding resource's state with the given name, ID, and optional extra
|
|
@@ -16,10 +91,21 @@ export declare class AccountIamBinding extends pulumi.CustomResource {
|
|
|
16
91
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
17
92
|
*/
|
|
18
93
|
static isInstance(obj: any): obj is AccountIamBinding;
|
|
94
|
+
/**
|
|
95
|
+
* The billing account id.
|
|
96
|
+
*/
|
|
19
97
|
readonly billingAccountId: pulumi.Output<string>;
|
|
20
98
|
readonly condition: pulumi.Output<outputs.billing.AccountIamBindingCondition | undefined>;
|
|
99
|
+
/**
|
|
100
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
101
|
+
*/
|
|
21
102
|
readonly etag: pulumi.Output<string>;
|
|
22
103
|
readonly members: pulumi.Output<string[]>;
|
|
104
|
+
/**
|
|
105
|
+
* The role that should be applied. Only one
|
|
106
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
107
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
108
|
+
*/
|
|
23
109
|
readonly role: pulumi.Output<string>;
|
|
24
110
|
/**
|
|
25
111
|
* Create a AccountIamBinding resource with the given unique name, arguments, and options.
|
|
@@ -34,18 +120,37 @@ export declare class AccountIamBinding extends pulumi.CustomResource {
|
|
|
34
120
|
* Input properties used for looking up and filtering AccountIamBinding resources.
|
|
35
121
|
*/
|
|
36
122
|
export interface AccountIamBindingState {
|
|
123
|
+
/**
|
|
124
|
+
* The billing account id.
|
|
125
|
+
*/
|
|
37
126
|
billingAccountId?: pulumi.Input<string>;
|
|
38
127
|
condition?: pulumi.Input<inputs.billing.AccountIamBindingCondition>;
|
|
128
|
+
/**
|
|
129
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
130
|
+
*/
|
|
39
131
|
etag?: pulumi.Input<string>;
|
|
40
132
|
members?: pulumi.Input<pulumi.Input<string>[]>;
|
|
133
|
+
/**
|
|
134
|
+
* The role that should be applied. Only one
|
|
135
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
136
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
137
|
+
*/
|
|
41
138
|
role?: pulumi.Input<string>;
|
|
42
139
|
}
|
|
43
140
|
/**
|
|
44
141
|
* The set of arguments for constructing a AccountIamBinding resource.
|
|
45
142
|
*/
|
|
46
143
|
export interface AccountIamBindingArgs {
|
|
144
|
+
/**
|
|
145
|
+
* The billing account id.
|
|
146
|
+
*/
|
|
47
147
|
billingAccountId: pulumi.Input<string>;
|
|
48
148
|
condition?: pulumi.Input<inputs.billing.AccountIamBindingCondition>;
|
|
49
149
|
members: pulumi.Input<pulumi.Input<string>[]>;
|
|
150
|
+
/**
|
|
151
|
+
* The role that should be applied. Only one
|
|
152
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
153
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
154
|
+
*/
|
|
50
155
|
role: pulumi.Input<string>;
|
|
51
156
|
}
|
|
@@ -5,6 +5,81 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
5
5
|
exports.AccountIamBinding = void 0;
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
|
+
/**
|
|
9
|
+
* Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
|
|
10
|
+
*
|
|
11
|
+
* * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
|
|
12
|
+
* * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
|
|
13
|
+
* * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
|
|
14
|
+
*
|
|
15
|
+
* > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
|
|
16
|
+
*
|
|
17
|
+
* > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
|
|
18
|
+
*
|
|
19
|
+
* ## google\_billing\_account\_iam\_policy
|
|
20
|
+
*
|
|
21
|
+
* ```typescript
|
|
22
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
23
|
+
* import * as gcp from "@pulumi/gcp";
|
|
24
|
+
*
|
|
25
|
+
* const admin = gcp.organizations.getIAMPolicy({
|
|
26
|
+
* bindings: [{
|
|
27
|
+
* role: "roles/billing.viewer",
|
|
28
|
+
* members: ["user:jane@example.com"],
|
|
29
|
+
* }],
|
|
30
|
+
* });
|
|
31
|
+
* const editor = new gcp.billing.AccountIamPolicy("editor", {
|
|
32
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
33
|
+
* policyData: admin.then(admin => admin.policyData),
|
|
34
|
+
* });
|
|
35
|
+
* ```
|
|
36
|
+
*
|
|
37
|
+
* ## google\_billing\_account\_iam\_binding
|
|
38
|
+
*
|
|
39
|
+
* ```typescript
|
|
40
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
41
|
+
* import * as gcp from "@pulumi/gcp";
|
|
42
|
+
*
|
|
43
|
+
* const editor = new gcp.billing.AccountIamBinding("editor", {
|
|
44
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
45
|
+
* members: ["user:jane@example.com"],
|
|
46
|
+
* role: "roles/billing.viewer",
|
|
47
|
+
* });
|
|
48
|
+
* ```
|
|
49
|
+
*
|
|
50
|
+
* ## google\_billing\_account\_iam\_member
|
|
51
|
+
*
|
|
52
|
+
* ```typescript
|
|
53
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
54
|
+
* import * as gcp from "@pulumi/gcp";
|
|
55
|
+
*
|
|
56
|
+
* const editor = new gcp.billing.AccountIamMember("editor", {
|
|
57
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
58
|
+
* member: "user:jane@example.com",
|
|
59
|
+
* role: "roles/billing.viewer",
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*
|
|
63
|
+
* ## Import
|
|
64
|
+
*
|
|
65
|
+
* Instance IAM resources can be imported using the project, table name, role and/or member.
|
|
66
|
+
*
|
|
67
|
+
* ```sh
|
|
68
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id"
|
|
69
|
+
* ```
|
|
70
|
+
*
|
|
71
|
+
* ```sh
|
|
72
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user"
|
|
73
|
+
* ```
|
|
74
|
+
*
|
|
75
|
+
* ```sh
|
|
76
|
+
* $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user user:jane@example.com"
|
|
77
|
+
* ```
|
|
78
|
+
*
|
|
79
|
+
* -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
|
|
80
|
+
*
|
|
81
|
+
* full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
|
|
82
|
+
*/
|
|
8
83
|
class AccountIamBinding extends pulumi.CustomResource {
|
|
9
84
|
constructor(name, argsOrState, opts) {
|
|
10
85
|
let resourceInputs = {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"accountIamBinding.js","sourceRoot":"","sources":["../../billing/accountIamBinding.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;
|
|
1
|
+
{"version":3,"file":"accountIamBinding.js","sourceRoot":"","sources":["../../billing/accountIamBinding.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0EG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IAqDxD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;IAjFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;;AA1BL,8CAmFC;AArEG,gBAAgB;AACO,8BAAY,GAAG,iDAAiD,CAAC"}
|
|
@@ -1,5 +1,80 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
import { input as inputs, output as outputs } from "../types";
|
|
3
|
+
/**
|
|
4
|
+
* Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
|
|
5
|
+
*
|
|
6
|
+
* * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
|
|
7
|
+
* * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
|
|
8
|
+
* * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
|
|
9
|
+
*
|
|
10
|
+
* > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
|
|
11
|
+
*
|
|
12
|
+
* > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
|
|
13
|
+
*
|
|
14
|
+
* ## google\_billing\_account\_iam\_policy
|
|
15
|
+
*
|
|
16
|
+
* ```typescript
|
|
17
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
18
|
+
* import * as gcp from "@pulumi/gcp";
|
|
19
|
+
*
|
|
20
|
+
* const admin = gcp.organizations.getIAMPolicy({
|
|
21
|
+
* bindings: [{
|
|
22
|
+
* role: "roles/billing.viewer",
|
|
23
|
+
* members: ["user:jane@example.com"],
|
|
24
|
+
* }],
|
|
25
|
+
* });
|
|
26
|
+
* const editor = new gcp.billing.AccountIamPolicy("editor", {
|
|
27
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
28
|
+
* policyData: admin.then(admin => admin.policyData),
|
|
29
|
+
* });
|
|
30
|
+
* ```
|
|
31
|
+
*
|
|
32
|
+
* ## google\_billing\_account\_iam\_binding
|
|
33
|
+
*
|
|
34
|
+
* ```typescript
|
|
35
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
36
|
+
* import * as gcp from "@pulumi/gcp";
|
|
37
|
+
*
|
|
38
|
+
* const editor = new gcp.billing.AccountIamBinding("editor", {
|
|
39
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
40
|
+
* members: ["user:jane@example.com"],
|
|
41
|
+
* role: "roles/billing.viewer",
|
|
42
|
+
* });
|
|
43
|
+
* ```
|
|
44
|
+
*
|
|
45
|
+
* ## google\_billing\_account\_iam\_member
|
|
46
|
+
*
|
|
47
|
+
* ```typescript
|
|
48
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
49
|
+
* import * as gcp from "@pulumi/gcp";
|
|
50
|
+
*
|
|
51
|
+
* const editor = new gcp.billing.AccountIamMember("editor", {
|
|
52
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
53
|
+
* member: "user:jane@example.com",
|
|
54
|
+
* role: "roles/billing.viewer",
|
|
55
|
+
* });
|
|
56
|
+
* ```
|
|
57
|
+
*
|
|
58
|
+
* ## Import
|
|
59
|
+
*
|
|
60
|
+
* Instance IAM resources can be imported using the project, table name, role and/or member.
|
|
61
|
+
*
|
|
62
|
+
* ```sh
|
|
63
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id"
|
|
64
|
+
* ```
|
|
65
|
+
*
|
|
66
|
+
* ```sh
|
|
67
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user"
|
|
68
|
+
* ```
|
|
69
|
+
*
|
|
70
|
+
* ```sh
|
|
71
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user user:jane@example.com"
|
|
72
|
+
* ```
|
|
73
|
+
*
|
|
74
|
+
* -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
|
|
75
|
+
*
|
|
76
|
+
* full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
|
|
77
|
+
*/
|
|
3
78
|
export declare class AccountIamMember extends pulumi.CustomResource {
|
|
4
79
|
/**
|
|
5
80
|
* Get an existing AccountIamMember resource's state with the given name, ID, and optional extra
|
|
@@ -16,10 +91,21 @@ export declare class AccountIamMember extends pulumi.CustomResource {
|
|
|
16
91
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
17
92
|
*/
|
|
18
93
|
static isInstance(obj: any): obj is AccountIamMember;
|
|
94
|
+
/**
|
|
95
|
+
* The billing account id.
|
|
96
|
+
*/
|
|
19
97
|
readonly billingAccountId: pulumi.Output<string>;
|
|
20
98
|
readonly condition: pulumi.Output<outputs.billing.AccountIamMemberCondition | undefined>;
|
|
99
|
+
/**
|
|
100
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
101
|
+
*/
|
|
21
102
|
readonly etag: pulumi.Output<string>;
|
|
22
103
|
readonly member: pulumi.Output<string>;
|
|
104
|
+
/**
|
|
105
|
+
* The role that should be applied. Only one
|
|
106
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
107
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
108
|
+
*/
|
|
23
109
|
readonly role: pulumi.Output<string>;
|
|
24
110
|
/**
|
|
25
111
|
* Create a AccountIamMember resource with the given unique name, arguments, and options.
|
|
@@ -34,18 +120,37 @@ export declare class AccountIamMember extends pulumi.CustomResource {
|
|
|
34
120
|
* Input properties used for looking up and filtering AccountIamMember resources.
|
|
35
121
|
*/
|
|
36
122
|
export interface AccountIamMemberState {
|
|
123
|
+
/**
|
|
124
|
+
* The billing account id.
|
|
125
|
+
*/
|
|
37
126
|
billingAccountId?: pulumi.Input<string>;
|
|
38
127
|
condition?: pulumi.Input<inputs.billing.AccountIamMemberCondition>;
|
|
128
|
+
/**
|
|
129
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
130
|
+
*/
|
|
39
131
|
etag?: pulumi.Input<string>;
|
|
40
132
|
member?: pulumi.Input<string>;
|
|
133
|
+
/**
|
|
134
|
+
* The role that should be applied. Only one
|
|
135
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
136
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
137
|
+
*/
|
|
41
138
|
role?: pulumi.Input<string>;
|
|
42
139
|
}
|
|
43
140
|
/**
|
|
44
141
|
* The set of arguments for constructing a AccountIamMember resource.
|
|
45
142
|
*/
|
|
46
143
|
export interface AccountIamMemberArgs {
|
|
144
|
+
/**
|
|
145
|
+
* The billing account id.
|
|
146
|
+
*/
|
|
47
147
|
billingAccountId: pulumi.Input<string>;
|
|
48
148
|
condition?: pulumi.Input<inputs.billing.AccountIamMemberCondition>;
|
|
49
149
|
member: pulumi.Input<string>;
|
|
150
|
+
/**
|
|
151
|
+
* The role that should be applied. Only one
|
|
152
|
+
* `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
|
|
153
|
+
* `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
|
|
154
|
+
*/
|
|
50
155
|
role: pulumi.Input<string>;
|
|
51
156
|
}
|
|
@@ -5,6 +5,81 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
5
5
|
exports.AccountIamMember = void 0;
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
|
+
/**
|
|
9
|
+
* Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
|
|
10
|
+
*
|
|
11
|
+
* * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
|
|
12
|
+
* * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
|
|
13
|
+
* * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
|
|
14
|
+
*
|
|
15
|
+
* > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
|
|
16
|
+
*
|
|
17
|
+
* > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
|
|
18
|
+
*
|
|
19
|
+
* ## google\_billing\_account\_iam\_policy
|
|
20
|
+
*
|
|
21
|
+
* ```typescript
|
|
22
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
23
|
+
* import * as gcp from "@pulumi/gcp";
|
|
24
|
+
*
|
|
25
|
+
* const admin = gcp.organizations.getIAMPolicy({
|
|
26
|
+
* bindings: [{
|
|
27
|
+
* role: "roles/billing.viewer",
|
|
28
|
+
* members: ["user:jane@example.com"],
|
|
29
|
+
* }],
|
|
30
|
+
* });
|
|
31
|
+
* const editor = new gcp.billing.AccountIamPolicy("editor", {
|
|
32
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
33
|
+
* policyData: admin.then(admin => admin.policyData),
|
|
34
|
+
* });
|
|
35
|
+
* ```
|
|
36
|
+
*
|
|
37
|
+
* ## google\_billing\_account\_iam\_binding
|
|
38
|
+
*
|
|
39
|
+
* ```typescript
|
|
40
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
41
|
+
* import * as gcp from "@pulumi/gcp";
|
|
42
|
+
*
|
|
43
|
+
* const editor = new gcp.billing.AccountIamBinding("editor", {
|
|
44
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
45
|
+
* members: ["user:jane@example.com"],
|
|
46
|
+
* role: "roles/billing.viewer",
|
|
47
|
+
* });
|
|
48
|
+
* ```
|
|
49
|
+
*
|
|
50
|
+
* ## google\_billing\_account\_iam\_member
|
|
51
|
+
*
|
|
52
|
+
* ```typescript
|
|
53
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
54
|
+
* import * as gcp from "@pulumi/gcp";
|
|
55
|
+
*
|
|
56
|
+
* const editor = new gcp.billing.AccountIamMember("editor", {
|
|
57
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
58
|
+
* member: "user:jane@example.com",
|
|
59
|
+
* role: "roles/billing.viewer",
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*
|
|
63
|
+
* ## Import
|
|
64
|
+
*
|
|
65
|
+
* Instance IAM resources can be imported using the project, table name, role and/or member.
|
|
66
|
+
*
|
|
67
|
+
* ```sh
|
|
68
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id"
|
|
69
|
+
* ```
|
|
70
|
+
*
|
|
71
|
+
* ```sh
|
|
72
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user"
|
|
73
|
+
* ```
|
|
74
|
+
*
|
|
75
|
+
* ```sh
|
|
76
|
+
* $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user user:jane@example.com"
|
|
77
|
+
* ```
|
|
78
|
+
*
|
|
79
|
+
* -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
|
|
80
|
+
*
|
|
81
|
+
* full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
|
|
82
|
+
*/
|
|
8
83
|
class AccountIamMember extends pulumi.CustomResource {
|
|
9
84
|
constructor(name, argsOrState, opts) {
|
|
10
85
|
let resourceInputs = {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"accountIamMember.js","sourceRoot":"","sources":["../../billing/accountIamMember.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;
|
|
1
|
+
{"version":3,"file":"accountIamMember.js","sourceRoot":"","sources":["../../billing/accountIamMember.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0EG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IAqDvD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAjFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;;AA1BL,4CAmFC;AArEG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}
|
|
@@ -1,4 +1,79 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
|
+
/**
|
|
3
|
+
* Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
|
|
4
|
+
*
|
|
5
|
+
* * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
|
|
6
|
+
* * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
|
|
7
|
+
* * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
|
|
8
|
+
*
|
|
9
|
+
* > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
|
|
10
|
+
*
|
|
11
|
+
* > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
|
|
12
|
+
*
|
|
13
|
+
* ## google\_billing\_account\_iam\_policy
|
|
14
|
+
*
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
17
|
+
* import * as gcp from "@pulumi/gcp";
|
|
18
|
+
*
|
|
19
|
+
* const admin = gcp.organizations.getIAMPolicy({
|
|
20
|
+
* bindings: [{
|
|
21
|
+
* role: "roles/billing.viewer",
|
|
22
|
+
* members: ["user:jane@example.com"],
|
|
23
|
+
* }],
|
|
24
|
+
* });
|
|
25
|
+
* const editor = new gcp.billing.AccountIamPolicy("editor", {
|
|
26
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
27
|
+
* policyData: admin.then(admin => admin.policyData),
|
|
28
|
+
* });
|
|
29
|
+
* ```
|
|
30
|
+
*
|
|
31
|
+
* ## google\_billing\_account\_iam\_binding
|
|
32
|
+
*
|
|
33
|
+
* ```typescript
|
|
34
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
35
|
+
* import * as gcp from "@pulumi/gcp";
|
|
36
|
+
*
|
|
37
|
+
* const editor = new gcp.billing.AccountIamBinding("editor", {
|
|
38
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
39
|
+
* members: ["user:jane@example.com"],
|
|
40
|
+
* role: "roles/billing.viewer",
|
|
41
|
+
* });
|
|
42
|
+
* ```
|
|
43
|
+
*
|
|
44
|
+
* ## google\_billing\_account\_iam\_member
|
|
45
|
+
*
|
|
46
|
+
* ```typescript
|
|
47
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
48
|
+
* import * as gcp from "@pulumi/gcp";
|
|
49
|
+
*
|
|
50
|
+
* const editor = new gcp.billing.AccountIamMember("editor", {
|
|
51
|
+
* billingAccountId: "00AA00-000AAA-00AA0A",
|
|
52
|
+
* member: "user:jane@example.com",
|
|
53
|
+
* role: "roles/billing.viewer",
|
|
54
|
+
* });
|
|
55
|
+
* ```
|
|
56
|
+
*
|
|
57
|
+
* ## Import
|
|
58
|
+
*
|
|
59
|
+
* Instance IAM resources can be imported using the project, table name, role and/or member.
|
|
60
|
+
*
|
|
61
|
+
* ```sh
|
|
62
|
+
* $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id"
|
|
63
|
+
* ```
|
|
64
|
+
*
|
|
65
|
+
* ```sh
|
|
66
|
+
* $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id roles/billing.user"
|
|
67
|
+
* ```
|
|
68
|
+
*
|
|
69
|
+
* ```sh
|
|
70
|
+
* $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id roles/billing.user user:jane@example.com"
|
|
71
|
+
* ```
|
|
72
|
+
*
|
|
73
|
+
* -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
|
|
74
|
+
*
|
|
75
|
+
* full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
|
|
76
|
+
*/
|
|
2
77
|
export declare class AccountIamPolicy extends pulumi.CustomResource {
|
|
3
78
|
/**
|
|
4
79
|
* Get an existing AccountIamPolicy resource's state with the given name, ID, and optional extra
|
|
@@ -15,8 +90,17 @@ export declare class AccountIamPolicy extends pulumi.CustomResource {
|
|
|
15
90
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
16
91
|
*/
|
|
17
92
|
static isInstance(obj: any): obj is AccountIamPolicy;
|
|
93
|
+
/**
|
|
94
|
+
* The billing account id.
|
|
95
|
+
*/
|
|
18
96
|
readonly billingAccountId: pulumi.Output<string>;
|
|
97
|
+
/**
|
|
98
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
99
|
+
*/
|
|
19
100
|
readonly etag: pulumi.Output<string>;
|
|
101
|
+
/**
|
|
102
|
+
* The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
|
|
103
|
+
*/
|
|
20
104
|
readonly policyData: pulumi.Output<string>;
|
|
21
105
|
/**
|
|
22
106
|
* Create a AccountIamPolicy resource with the given unique name, arguments, and options.
|
|
@@ -31,14 +115,29 @@ export declare class AccountIamPolicy extends pulumi.CustomResource {
|
|
|
31
115
|
* Input properties used for looking up and filtering AccountIamPolicy resources.
|
|
32
116
|
*/
|
|
33
117
|
export interface AccountIamPolicyState {
|
|
118
|
+
/**
|
|
119
|
+
* The billing account id.
|
|
120
|
+
*/
|
|
34
121
|
billingAccountId?: pulumi.Input<string>;
|
|
122
|
+
/**
|
|
123
|
+
* (Computed) The etag of the billing account's IAM policy.
|
|
124
|
+
*/
|
|
35
125
|
etag?: pulumi.Input<string>;
|
|
126
|
+
/**
|
|
127
|
+
* The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
|
|
128
|
+
*/
|
|
36
129
|
policyData?: pulumi.Input<string>;
|
|
37
130
|
}
|
|
38
131
|
/**
|
|
39
132
|
* The set of arguments for constructing a AccountIamPolicy resource.
|
|
40
133
|
*/
|
|
41
134
|
export interface AccountIamPolicyArgs {
|
|
135
|
+
/**
|
|
136
|
+
* The billing account id.
|
|
137
|
+
*/
|
|
42
138
|
billingAccountId: pulumi.Input<string>;
|
|
139
|
+
/**
|
|
140
|
+
* The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
|
|
141
|
+
*/
|
|
43
142
|
policyData: pulumi.Input<string>;
|
|
44
143
|
}
|