@pulumi/gcp 6.15.0 → 6.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/billing/accountIamBinding.d.ts +105 -0
  2. package/billing/accountIamBinding.js +75 -0
  3. package/billing/accountIamBinding.js.map +1 -1
  4. package/billing/accountIamMember.d.ts +105 -0
  5. package/billing/accountIamMember.js +75 -0
  6. package/billing/accountIamMember.js.map +1 -1
  7. package/billing/accountIamPolicy.d.ts +99 -0
  8. package/billing/accountIamPolicy.js +75 -0
  9. package/billing/accountIamPolicy.js.map +1 -1
  10. package/cloudfunctions/functionIamBinding.d.ts +142 -0
  11. package/cloudfunctions/functionIamBinding.js +85 -0
  12. package/cloudfunctions/functionIamBinding.js.map +1 -1
  13. package/cloudfunctions/functionIamMember.d.ts +142 -0
  14. package/cloudfunctions/functionIamMember.js +85 -0
  15. package/cloudfunctions/functionIamMember.js.map +1 -1
  16. package/cloudfunctions/functionIamPolicy.d.ts +139 -0
  17. package/cloudfunctions/functionIamPolicy.js +85 -0
  18. package/cloudfunctions/functionIamPolicy.js.map +1 -1
  19. package/compute/backendServiceIamBinding.d.ts +79 -0
  20. package/compute/backendServiceIamBinding.js +25 -0
  21. package/compute/backendServiceIamBinding.js.map +1 -1
  22. package/compute/backendServiceIamMember.d.ts +79 -0
  23. package/compute/backendServiceIamMember.js +25 -0
  24. package/compute/backendServiceIamMember.js.map +1 -1
  25. package/compute/backendServiceIamPolicy.d.ts +64 -0
  26. package/compute/backendServiceIamPolicy.js +25 -0
  27. package/compute/backendServiceIamPolicy.js.map +1 -1
  28. package/compute/mangedSslCertificate.d.ts +157 -27
  29. package/compute/mangedSslCertificate.js +97 -0
  30. package/compute/mangedSslCertificate.js.map +1 -1
  31. package/compute/regionBackendServiceIamBinding.d.ts +100 -0
  32. package/compute/regionBackendServiceIamBinding.js +25 -0
  33. package/compute/regionBackendServiceIamBinding.js.map +1 -1
  34. package/compute/regionBackendServiceIamMember.d.ts +100 -0
  35. package/compute/regionBackendServiceIamMember.js +25 -0
  36. package/compute/regionBackendServiceIamMember.js.map +1 -1
  37. package/compute/regionBackendServiceIamPolicy.d.ts +85 -0
  38. package/compute/regionBackendServiceIamPolicy.js +25 -0
  39. package/compute/regionBackendServiceIamPolicy.js.map +1 -1
  40. package/datacatalog/tagTemplateIamBinding.d.ts +121 -0
  41. package/datacatalog/tagTemplateIamBinding.js +79 -0
  42. package/datacatalog/tagTemplateIamBinding.js.map +1 -1
  43. package/datacatalog/tagTemplateIamMember.d.ts +121 -0
  44. package/datacatalog/tagTemplateIamMember.js +79 -0
  45. package/datacatalog/tagTemplateIamMember.js.map +1 -1
  46. package/datacatalog/tagTemplateIamPolicy.d.ts +118 -0
  47. package/datacatalog/tagTemplateIamPolicy.js +79 -0
  48. package/datacatalog/tagTemplateIamPolicy.js.map +1 -1
  49. package/folder/iamAuditConfig.d.ts +200 -8
  50. package/folder/iamAuditConfig.js +183 -0
  51. package/folder/iamAuditConfig.js.map +1 -1
  52. package/folder/iammember.d.ts +225 -0
  53. package/folder/iammember.js +183 -0
  54. package/folder/iammember.js.map +1 -1
  55. package/folder/iampolicy.d.ts +213 -0
  56. package/folder/iampolicy.js +183 -0
  57. package/folder/iampolicy.js.map +1 -1
  58. package/kms/registry.d.ts +149 -18
  59. package/kms/registry.js +89 -0
  60. package/kms/registry.js.map +1 -1
  61. package/monitoring/getSecretVersion.d.ts +52 -0
  62. package/monitoring/getSecretVersion.js +14 -0
  63. package/monitoring/getSecretVersion.js.map +1 -1
  64. package/organizations/iammember.d.ts +228 -3
  65. package/organizations/iammember.js +186 -0
  66. package/organizations/iammember.js.map +1 -1
  67. package/organizations/iampolicy.d.ts +216 -3
  68. package/organizations/iampolicy.js +186 -0
  69. package/organizations/iampolicy.js.map +1 -1
  70. package/package.json +2 -2
  71. package/package.json.dev +2 -2
  72. package/sourcerepo/getRepository.d.ts +29 -0
  73. package/sourcerepo/getRepository.js +17 -0
  74. package/sourcerepo/getRepository.js.map +1 -1
  75. package/types/input.d.ts +77 -0
  76. package/types/output.d.ts +77 -0
@@ -1,5 +1,80 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
2
  import { input as inputs, output as outputs } from "../types";
3
+ /**
4
+ * Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
5
+ *
6
+ * * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
7
+ * * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
8
+ * * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
9
+ *
10
+ * > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
11
+ *
12
+ * > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
13
+ *
14
+ * ## google\_billing\_account\_iam\_policy
15
+ *
16
+ * ```typescript
17
+ * import * as pulumi from "@pulumi/pulumi";
18
+ * import * as gcp from "@pulumi/gcp";
19
+ *
20
+ * const admin = gcp.organizations.getIAMPolicy({
21
+ * bindings: [{
22
+ * role: "roles/billing.viewer",
23
+ * members: ["user:jane@example.com"],
24
+ * }],
25
+ * });
26
+ * const editor = new gcp.billing.AccountIamPolicy("editor", {
27
+ * billingAccountId: "00AA00-000AAA-00AA0A",
28
+ * policyData: admin.then(admin => admin.policyData),
29
+ * });
30
+ * ```
31
+ *
32
+ * ## google\_billing\_account\_iam\_binding
33
+ *
34
+ * ```typescript
35
+ * import * as pulumi from "@pulumi/pulumi";
36
+ * import * as gcp from "@pulumi/gcp";
37
+ *
38
+ * const editor = new gcp.billing.AccountIamBinding("editor", {
39
+ * billingAccountId: "00AA00-000AAA-00AA0A",
40
+ * members: ["user:jane@example.com"],
41
+ * role: "roles/billing.viewer",
42
+ * });
43
+ * ```
44
+ *
45
+ * ## google\_billing\_account\_iam\_member
46
+ *
47
+ * ```typescript
48
+ * import * as pulumi from "@pulumi/pulumi";
49
+ * import * as gcp from "@pulumi/gcp";
50
+ *
51
+ * const editor = new gcp.billing.AccountIamMember("editor", {
52
+ * billingAccountId: "00AA00-000AAA-00AA0A",
53
+ * member: "user:jane@example.com",
54
+ * role: "roles/billing.viewer",
55
+ * });
56
+ * ```
57
+ *
58
+ * ## Import
59
+ *
60
+ * Instance IAM resources can be imported using the project, table name, role and/or member.
61
+ *
62
+ * ```sh
63
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id"
64
+ * ```
65
+ *
66
+ * ```sh
67
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user"
68
+ * ```
69
+ *
70
+ * ```sh
71
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user user:jane@example.com"
72
+ * ```
73
+ *
74
+ * -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
75
+ *
76
+ * full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
77
+ */
3
78
  export declare class AccountIamBinding extends pulumi.CustomResource {
4
79
  /**
5
80
  * Get an existing AccountIamBinding resource's state with the given name, ID, and optional extra
@@ -16,10 +91,21 @@ export declare class AccountIamBinding extends pulumi.CustomResource {
16
91
  * when multiple copies of the Pulumi SDK have been loaded into the same process.
17
92
  */
18
93
  static isInstance(obj: any): obj is AccountIamBinding;
94
+ /**
95
+ * The billing account id.
96
+ */
19
97
  readonly billingAccountId: pulumi.Output<string>;
20
98
  readonly condition: pulumi.Output<outputs.billing.AccountIamBindingCondition | undefined>;
99
+ /**
100
+ * (Computed) The etag of the billing account's IAM policy.
101
+ */
21
102
  readonly etag: pulumi.Output<string>;
22
103
  readonly members: pulumi.Output<string[]>;
104
+ /**
105
+ * The role that should be applied. Only one
106
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
107
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
108
+ */
23
109
  readonly role: pulumi.Output<string>;
24
110
  /**
25
111
  * Create a AccountIamBinding resource with the given unique name, arguments, and options.
@@ -34,18 +120,37 @@ export declare class AccountIamBinding extends pulumi.CustomResource {
34
120
  * Input properties used for looking up and filtering AccountIamBinding resources.
35
121
  */
36
122
  export interface AccountIamBindingState {
123
+ /**
124
+ * The billing account id.
125
+ */
37
126
  billingAccountId?: pulumi.Input<string>;
38
127
  condition?: pulumi.Input<inputs.billing.AccountIamBindingCondition>;
128
+ /**
129
+ * (Computed) The etag of the billing account's IAM policy.
130
+ */
39
131
  etag?: pulumi.Input<string>;
40
132
  members?: pulumi.Input<pulumi.Input<string>[]>;
133
+ /**
134
+ * The role that should be applied. Only one
135
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
136
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
137
+ */
41
138
  role?: pulumi.Input<string>;
42
139
  }
43
140
  /**
44
141
  * The set of arguments for constructing a AccountIamBinding resource.
45
142
  */
46
143
  export interface AccountIamBindingArgs {
144
+ /**
145
+ * The billing account id.
146
+ */
47
147
  billingAccountId: pulumi.Input<string>;
48
148
  condition?: pulumi.Input<inputs.billing.AccountIamBindingCondition>;
49
149
  members: pulumi.Input<pulumi.Input<string>[]>;
150
+ /**
151
+ * The role that should be applied. Only one
152
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
153
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
154
+ */
50
155
  role: pulumi.Input<string>;
51
156
  }
@@ -5,6 +5,81 @@ Object.defineProperty(exports, "__esModule", { value: true });
5
5
  exports.AccountIamBinding = void 0;
6
6
  const pulumi = require("@pulumi/pulumi");
7
7
  const utilities = require("../utilities");
8
+ /**
9
+ * Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
10
+ *
11
+ * * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
12
+ * * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
13
+ * * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
14
+ *
15
+ * > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
16
+ *
17
+ * > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
18
+ *
19
+ * ## google\_billing\_account\_iam\_policy
20
+ *
21
+ * ```typescript
22
+ * import * as pulumi from "@pulumi/pulumi";
23
+ * import * as gcp from "@pulumi/gcp";
24
+ *
25
+ * const admin = gcp.organizations.getIAMPolicy({
26
+ * bindings: [{
27
+ * role: "roles/billing.viewer",
28
+ * members: ["user:jane@example.com"],
29
+ * }],
30
+ * });
31
+ * const editor = new gcp.billing.AccountIamPolicy("editor", {
32
+ * billingAccountId: "00AA00-000AAA-00AA0A",
33
+ * policyData: admin.then(admin => admin.policyData),
34
+ * });
35
+ * ```
36
+ *
37
+ * ## google\_billing\_account\_iam\_binding
38
+ *
39
+ * ```typescript
40
+ * import * as pulumi from "@pulumi/pulumi";
41
+ * import * as gcp from "@pulumi/gcp";
42
+ *
43
+ * const editor = new gcp.billing.AccountIamBinding("editor", {
44
+ * billingAccountId: "00AA00-000AAA-00AA0A",
45
+ * members: ["user:jane@example.com"],
46
+ * role: "roles/billing.viewer",
47
+ * });
48
+ * ```
49
+ *
50
+ * ## google\_billing\_account\_iam\_member
51
+ *
52
+ * ```typescript
53
+ * import * as pulumi from "@pulumi/pulumi";
54
+ * import * as gcp from "@pulumi/gcp";
55
+ *
56
+ * const editor = new gcp.billing.AccountIamMember("editor", {
57
+ * billingAccountId: "00AA00-000AAA-00AA0A",
58
+ * member: "user:jane@example.com",
59
+ * role: "roles/billing.viewer",
60
+ * });
61
+ * ```
62
+ *
63
+ * ## Import
64
+ *
65
+ * Instance IAM resources can be imported using the project, table name, role and/or member.
66
+ *
67
+ * ```sh
68
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id"
69
+ * ```
70
+ *
71
+ * ```sh
72
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user"
73
+ * ```
74
+ *
75
+ * ```sh
76
+ * $ pulumi import gcp:billing/accountIamBinding:AccountIamBinding binding "your-billing-account-id roles/billing.user user:jane@example.com"
77
+ * ```
78
+ *
79
+ * -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
80
+ *
81
+ * full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
82
+ */
8
83
  class AccountIamBinding extends pulumi.CustomResource {
9
84
  constructor(name, argsOrState, opts) {
10
85
  let resourceInputs = {};
@@ -1 +1 @@
1
- {"version":3,"file":"accountIamBinding.js","sourceRoot":"","sources":["../../billing/accountIamBinding.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IA0CxD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;IAtED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;;AA1BL,8CAwEC;AA1DG,gBAAgB;AACO,8BAAY,GAAG,iDAAiD,CAAC"}
1
+ {"version":3,"file":"accountIamBinding.js","sourceRoot":"","sources":["../../billing/accountIamBinding.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0EG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IAqDxD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;IAjFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;;AA1BL,8CAmFC;AArEG,gBAAgB;AACO,8BAAY,GAAG,iDAAiD,CAAC"}
@@ -1,5 +1,80 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
2
  import { input as inputs, output as outputs } from "../types";
3
+ /**
4
+ * Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
5
+ *
6
+ * * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
7
+ * * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
8
+ * * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
9
+ *
10
+ * > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
11
+ *
12
+ * > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
13
+ *
14
+ * ## google\_billing\_account\_iam\_policy
15
+ *
16
+ * ```typescript
17
+ * import * as pulumi from "@pulumi/pulumi";
18
+ * import * as gcp from "@pulumi/gcp";
19
+ *
20
+ * const admin = gcp.organizations.getIAMPolicy({
21
+ * bindings: [{
22
+ * role: "roles/billing.viewer",
23
+ * members: ["user:jane@example.com"],
24
+ * }],
25
+ * });
26
+ * const editor = new gcp.billing.AccountIamPolicy("editor", {
27
+ * billingAccountId: "00AA00-000AAA-00AA0A",
28
+ * policyData: admin.then(admin => admin.policyData),
29
+ * });
30
+ * ```
31
+ *
32
+ * ## google\_billing\_account\_iam\_binding
33
+ *
34
+ * ```typescript
35
+ * import * as pulumi from "@pulumi/pulumi";
36
+ * import * as gcp from "@pulumi/gcp";
37
+ *
38
+ * const editor = new gcp.billing.AccountIamBinding("editor", {
39
+ * billingAccountId: "00AA00-000AAA-00AA0A",
40
+ * members: ["user:jane@example.com"],
41
+ * role: "roles/billing.viewer",
42
+ * });
43
+ * ```
44
+ *
45
+ * ## google\_billing\_account\_iam\_member
46
+ *
47
+ * ```typescript
48
+ * import * as pulumi from "@pulumi/pulumi";
49
+ * import * as gcp from "@pulumi/gcp";
50
+ *
51
+ * const editor = new gcp.billing.AccountIamMember("editor", {
52
+ * billingAccountId: "00AA00-000AAA-00AA0A",
53
+ * member: "user:jane@example.com",
54
+ * role: "roles/billing.viewer",
55
+ * });
56
+ * ```
57
+ *
58
+ * ## Import
59
+ *
60
+ * Instance IAM resources can be imported using the project, table name, role and/or member.
61
+ *
62
+ * ```sh
63
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id"
64
+ * ```
65
+ *
66
+ * ```sh
67
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user"
68
+ * ```
69
+ *
70
+ * ```sh
71
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user user:jane@example.com"
72
+ * ```
73
+ *
74
+ * -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
75
+ *
76
+ * full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
77
+ */
3
78
  export declare class AccountIamMember extends pulumi.CustomResource {
4
79
  /**
5
80
  * Get an existing AccountIamMember resource's state with the given name, ID, and optional extra
@@ -16,10 +91,21 @@ export declare class AccountIamMember extends pulumi.CustomResource {
16
91
  * when multiple copies of the Pulumi SDK have been loaded into the same process.
17
92
  */
18
93
  static isInstance(obj: any): obj is AccountIamMember;
94
+ /**
95
+ * The billing account id.
96
+ */
19
97
  readonly billingAccountId: pulumi.Output<string>;
20
98
  readonly condition: pulumi.Output<outputs.billing.AccountIamMemberCondition | undefined>;
99
+ /**
100
+ * (Computed) The etag of the billing account's IAM policy.
101
+ */
21
102
  readonly etag: pulumi.Output<string>;
22
103
  readonly member: pulumi.Output<string>;
104
+ /**
105
+ * The role that should be applied. Only one
106
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
107
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
108
+ */
23
109
  readonly role: pulumi.Output<string>;
24
110
  /**
25
111
  * Create a AccountIamMember resource with the given unique name, arguments, and options.
@@ -34,18 +120,37 @@ export declare class AccountIamMember extends pulumi.CustomResource {
34
120
  * Input properties used for looking up and filtering AccountIamMember resources.
35
121
  */
36
122
  export interface AccountIamMemberState {
123
+ /**
124
+ * The billing account id.
125
+ */
37
126
  billingAccountId?: pulumi.Input<string>;
38
127
  condition?: pulumi.Input<inputs.billing.AccountIamMemberCondition>;
128
+ /**
129
+ * (Computed) The etag of the billing account's IAM policy.
130
+ */
39
131
  etag?: pulumi.Input<string>;
40
132
  member?: pulumi.Input<string>;
133
+ /**
134
+ * The role that should be applied. Only one
135
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
136
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
137
+ */
41
138
  role?: pulumi.Input<string>;
42
139
  }
43
140
  /**
44
141
  * The set of arguments for constructing a AccountIamMember resource.
45
142
  */
46
143
  export interface AccountIamMemberArgs {
144
+ /**
145
+ * The billing account id.
146
+ */
47
147
  billingAccountId: pulumi.Input<string>;
48
148
  condition?: pulumi.Input<inputs.billing.AccountIamMemberCondition>;
49
149
  member: pulumi.Input<string>;
150
+ /**
151
+ * The role that should be applied. Only one
152
+ * `gcp.billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format
153
+ * `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles).
154
+ */
50
155
  role: pulumi.Input<string>;
51
156
  }
@@ -5,6 +5,81 @@ Object.defineProperty(exports, "__esModule", { value: true });
5
5
  exports.AccountIamMember = void 0;
6
6
  const pulumi = require("@pulumi/pulumi");
7
7
  const utilities = require("../utilities");
8
+ /**
9
+ * Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
10
+ *
11
+ * * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
12
+ * * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
13
+ * * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
14
+ *
15
+ * > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
16
+ *
17
+ * > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
18
+ *
19
+ * ## google\_billing\_account\_iam\_policy
20
+ *
21
+ * ```typescript
22
+ * import * as pulumi from "@pulumi/pulumi";
23
+ * import * as gcp from "@pulumi/gcp";
24
+ *
25
+ * const admin = gcp.organizations.getIAMPolicy({
26
+ * bindings: [{
27
+ * role: "roles/billing.viewer",
28
+ * members: ["user:jane@example.com"],
29
+ * }],
30
+ * });
31
+ * const editor = new gcp.billing.AccountIamPolicy("editor", {
32
+ * billingAccountId: "00AA00-000AAA-00AA0A",
33
+ * policyData: admin.then(admin => admin.policyData),
34
+ * });
35
+ * ```
36
+ *
37
+ * ## google\_billing\_account\_iam\_binding
38
+ *
39
+ * ```typescript
40
+ * import * as pulumi from "@pulumi/pulumi";
41
+ * import * as gcp from "@pulumi/gcp";
42
+ *
43
+ * const editor = new gcp.billing.AccountIamBinding("editor", {
44
+ * billingAccountId: "00AA00-000AAA-00AA0A",
45
+ * members: ["user:jane@example.com"],
46
+ * role: "roles/billing.viewer",
47
+ * });
48
+ * ```
49
+ *
50
+ * ## google\_billing\_account\_iam\_member
51
+ *
52
+ * ```typescript
53
+ * import * as pulumi from "@pulumi/pulumi";
54
+ * import * as gcp from "@pulumi/gcp";
55
+ *
56
+ * const editor = new gcp.billing.AccountIamMember("editor", {
57
+ * billingAccountId: "00AA00-000AAA-00AA0A",
58
+ * member: "user:jane@example.com",
59
+ * role: "roles/billing.viewer",
60
+ * });
61
+ * ```
62
+ *
63
+ * ## Import
64
+ *
65
+ * Instance IAM resources can be imported using the project, table name, role and/or member.
66
+ *
67
+ * ```sh
68
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id"
69
+ * ```
70
+ *
71
+ * ```sh
72
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user"
73
+ * ```
74
+ *
75
+ * ```sh
76
+ * $ pulumi import gcp:billing/accountIamMember:AccountIamMember binding "your-billing-account-id roles/billing.user user:jane@example.com"
77
+ * ```
78
+ *
79
+ * -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
80
+ *
81
+ * full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
82
+ */
8
83
  class AccountIamMember extends pulumi.CustomResource {
9
84
  constructor(name, argsOrState, opts) {
10
85
  let resourceInputs = {};
@@ -1 +1 @@
1
- {"version":3,"file":"accountIamMember.js","sourceRoot":"","sources":["../../billing/accountIamMember.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IA0CvD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAtED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;;AA1BL,4CAwEC;AA1DG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}
1
+ {"version":3,"file":"accountIamMember.js","sourceRoot":"","sources":["../../billing/accountIamMember.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0EG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IAqDvD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC9C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAjFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;;AA1BL,4CAmFC;AArEG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}
@@ -1,4 +1,79 @@
1
1
  import * as pulumi from "@pulumi/pulumi";
2
+ /**
3
+ * Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:
4
+ *
5
+ * * `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.
6
+ * * `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.
7
+ * * `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.
8
+ *
9
+ * > **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.
10
+ *
11
+ * > **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.
12
+ *
13
+ * ## google\_billing\_account\_iam\_policy
14
+ *
15
+ * ```typescript
16
+ * import * as pulumi from "@pulumi/pulumi";
17
+ * import * as gcp from "@pulumi/gcp";
18
+ *
19
+ * const admin = gcp.organizations.getIAMPolicy({
20
+ * bindings: [{
21
+ * role: "roles/billing.viewer",
22
+ * members: ["user:jane@example.com"],
23
+ * }],
24
+ * });
25
+ * const editor = new gcp.billing.AccountIamPolicy("editor", {
26
+ * billingAccountId: "00AA00-000AAA-00AA0A",
27
+ * policyData: admin.then(admin => admin.policyData),
28
+ * });
29
+ * ```
30
+ *
31
+ * ## google\_billing\_account\_iam\_binding
32
+ *
33
+ * ```typescript
34
+ * import * as pulumi from "@pulumi/pulumi";
35
+ * import * as gcp from "@pulumi/gcp";
36
+ *
37
+ * const editor = new gcp.billing.AccountIamBinding("editor", {
38
+ * billingAccountId: "00AA00-000AAA-00AA0A",
39
+ * members: ["user:jane@example.com"],
40
+ * role: "roles/billing.viewer",
41
+ * });
42
+ * ```
43
+ *
44
+ * ## google\_billing\_account\_iam\_member
45
+ *
46
+ * ```typescript
47
+ * import * as pulumi from "@pulumi/pulumi";
48
+ * import * as gcp from "@pulumi/gcp";
49
+ *
50
+ * const editor = new gcp.billing.AccountIamMember("editor", {
51
+ * billingAccountId: "00AA00-000AAA-00AA0A",
52
+ * member: "user:jane@example.com",
53
+ * role: "roles/billing.viewer",
54
+ * });
55
+ * ```
56
+ *
57
+ * ## Import
58
+ *
59
+ * Instance IAM resources can be imported using the project, table name, role and/or member.
60
+ *
61
+ * ```sh
62
+ * $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id"
63
+ * ```
64
+ *
65
+ * ```sh
66
+ * $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id roles/billing.user"
67
+ * ```
68
+ *
69
+ * ```sh
70
+ * $ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy binding "your-billing-account-id roles/billing.user user:jane@example.com"
71
+ * ```
72
+ *
73
+ * -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
74
+ *
75
+ * full name of the custom role, e.g. `organizations/my-org-id/roles/my-custom-role`.
76
+ */
2
77
  export declare class AccountIamPolicy extends pulumi.CustomResource {
3
78
  /**
4
79
  * Get an existing AccountIamPolicy resource's state with the given name, ID, and optional extra
@@ -15,8 +90,17 @@ export declare class AccountIamPolicy extends pulumi.CustomResource {
15
90
  * when multiple copies of the Pulumi SDK have been loaded into the same process.
16
91
  */
17
92
  static isInstance(obj: any): obj is AccountIamPolicy;
93
+ /**
94
+ * The billing account id.
95
+ */
18
96
  readonly billingAccountId: pulumi.Output<string>;
97
+ /**
98
+ * (Computed) The etag of the billing account's IAM policy.
99
+ */
19
100
  readonly etag: pulumi.Output<string>;
101
+ /**
102
+ * The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
103
+ */
20
104
  readonly policyData: pulumi.Output<string>;
21
105
  /**
22
106
  * Create a AccountIamPolicy resource with the given unique name, arguments, and options.
@@ -31,14 +115,29 @@ export declare class AccountIamPolicy extends pulumi.CustomResource {
31
115
  * Input properties used for looking up and filtering AccountIamPolicy resources.
32
116
  */
33
117
  export interface AccountIamPolicyState {
118
+ /**
119
+ * The billing account id.
120
+ */
34
121
  billingAccountId?: pulumi.Input<string>;
122
+ /**
123
+ * (Computed) The etag of the billing account's IAM policy.
124
+ */
35
125
  etag?: pulumi.Input<string>;
126
+ /**
127
+ * The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
128
+ */
36
129
  policyData?: pulumi.Input<string>;
37
130
  }
38
131
  /**
39
132
  * The set of arguments for constructing a AccountIamPolicy resource.
40
133
  */
41
134
  export interface AccountIamPolicyArgs {
135
+ /**
136
+ * The billing account id.
137
+ */
42
138
  billingAccountId: pulumi.Input<string>;
139
+ /**
140
+ * The policy data generated by a `gcp.organizations.getIAMPolicy` data source.
141
+ */
43
142
  policyData: pulumi.Input<string>;
44
143
  }