pulumi-gcp 7.30.0a1719958694__py3-none-any.whl → 7.30.0a1720039709__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. pulumi_gcp/compute/region_disk_iam_binding.py +122 -95
  2. pulumi_gcp/compute/region_disk_iam_member.py +122 -95
  3. pulumi_gcp/compute/region_disk_iam_policy.py +115 -88
  4. pulumi_gcp/gkebackup/restore_plan_iam_binding.py +328 -953
  5. pulumi_gcp/gkebackup/restore_plan_iam_member.py +328 -953
  6. pulumi_gcp/gkebackup/restore_plan_iam_policy.py +238 -953
  7. pulumi_gcp/networksecurity/address_group_iam_binding.py +289 -2
  8. pulumi_gcp/networksecurity/address_group_iam_member.py +289 -2
  9. pulumi_gcp/pulumi-plugin.json +1 -1
  10. pulumi_gcp/sourcerepo/repository_iam_binding.py +92 -83
  11. pulumi_gcp/sourcerepo/repository_iam_member.py +92 -83
  12. pulumi_gcp/sourcerepo/repository_iam_policy.py +85 -76
  13. {pulumi_gcp-7.30.0a1719958694.dist-info → pulumi_gcp-7.30.0a1720039709.dist-info}/METADATA +1 -1
  14. {pulumi_gcp-7.30.0a1719958694.dist-info → pulumi_gcp-7.30.0a1720039709.dist-info}/RECORD +16 -16
  15. {pulumi_gcp-7.30.0a1719958694.dist-info → pulumi_gcp-7.30.0a1720039709.dist-info}/WHEEL +0 -0
  16. {pulumi_gcp-7.30.0a1719958694.dist-info → pulumi_gcp-7.30.0a1720039709.dist-info}/top_level.txt +0 -0
pulumi_gcp/gkebackup/restore_plan_iam_policy.py CHANGED
@@ -25,8 +25,15 @@ class RestorePlanIamPolicyArgs:
25
25
  project: Optional[pulumi.Input[str]] = None):
26
26
  """
27
27
  The set of arguments for constructing a RestorePlanIamPolicy resource.
28
+ :param pulumi.Input[str] policy_data: The policy data generated by
29
+ a `organizations_get_iam_policy` data source.
28
30
  :param pulumi.Input[str] location: The region of the Restore Plan.
29
- :param pulumi.Input[str] name: The full name of the BackupPlan Resource.
31
+ Used to find the parent resource to bind the IAM policy to. If not specified,
32
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
33
+ location is specified, it is taken from the provider configuration.
34
+ :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to
35
+ :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
36
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
30
37
  """
31
38
  pulumi.set(__self__, "policy_data", policy_data)
32
39
  if location is not None:
@@ -39,6 +46,10 @@ class RestorePlanIamPolicyArgs:
39
46
  @property
40
47
  @pulumi.getter(name="policyData")
41
48
  def policy_data(self) -> pulumi.Input[str]:
49
+ """
50
+ The policy data generated by
51
+ a `organizations_get_iam_policy` data source.
52
+ """
42
53
  return pulumi.get(self, "policy_data")
43
54
 
44
55
  @policy_data.setter
@@ -50,6 +61,9 @@ class RestorePlanIamPolicyArgs:
50
61
  def location(self) -> Optional[pulumi.Input[str]]:
51
62
  """
52
63
  The region of the Restore Plan.
64
+ Used to find the parent resource to bind the IAM policy to. If not specified,
65
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
66
+ location is specified, it is taken from the provider configuration.
53
67
  """
54
68
  return pulumi.get(self, "location")
55
69
 
@@ -61,7 +75,7 @@ class RestorePlanIamPolicyArgs:
61
75
  @pulumi.getter
62
76
  def name(self) -> Optional[pulumi.Input[str]]:
63
77
  """
64
- The full name of the BackupPlan Resource.
78
+ Used to find the parent resource to bind the IAM policy to
65
79
  """
66
80
  return pulumi.get(self, "name")
67
81
 
@@ -72,6 +86,10 @@ class RestorePlanIamPolicyArgs:
72
86
  @property
73
87
  @pulumi.getter
74
88
  def project(self) -> Optional[pulumi.Input[str]]:
89
+ """
90
+ The ID of the project in which the resource belongs.
91
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
92
+ """
75
93
  return pulumi.get(self, "project")
76
94
 
77
95
  @project.setter
@@ -89,8 +107,16 @@ class _RestorePlanIamPolicyState:
89
107
  project: Optional[pulumi.Input[str]] = None):
90
108
  """
91
109
  Input properties used for looking up and filtering RestorePlanIamPolicy resources.
110
+ :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy.
92
111
  :param pulumi.Input[str] location: The region of the Restore Plan.
93
- :param pulumi.Input[str] name: The full name of the BackupPlan Resource.
112
+ Used to find the parent resource to bind the IAM policy to. If not specified,
113
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
114
+ location is specified, it is taken from the provider configuration.
115
+ :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to
116
+ :param pulumi.Input[str] policy_data: The policy data generated by
117
+ a `organizations_get_iam_policy` data source.
118
+ :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
119
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
94
120
  """
95
121
  if etag is not None:
96
122
  pulumi.set(__self__, "etag", etag)
@@ -106,6 +132,9 @@ class _RestorePlanIamPolicyState:
106
132
  @property
107
133
  @pulumi.getter
108
134
  def etag(self) -> Optional[pulumi.Input[str]]:
135
+ """
136
+ (Computed) The etag of the IAM policy.
137
+ """
109
138
  return pulumi.get(self, "etag")
110
139
 
111
140
  @etag.setter
@@ -117,6 +146,9 @@ class _RestorePlanIamPolicyState:
117
146
  def location(self) -> Optional[pulumi.Input[str]]:
118
147
  """
119
148
  The region of the Restore Plan.
149
+ Used to find the parent resource to bind the IAM policy to. If not specified,
150
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
151
+ location is specified, it is taken from the provider configuration.
120
152
  """
121
153
  return pulumi.get(self, "location")
122
154
 
@@ -128,7 +160,7 @@ class _RestorePlanIamPolicyState:
128
160
  @pulumi.getter
129
161
  def name(self) -> Optional[pulumi.Input[str]]:
130
162
  """
131
- The full name of the BackupPlan Resource.
163
+ Used to find the parent resource to bind the IAM policy to
132
164
  """
133
165
  return pulumi.get(self, "name")
134
166
 
@@ -139,6 +171,10 @@ class _RestorePlanIamPolicyState:
139
171
  @property
140
172
  @pulumi.getter(name="policyData")
141
173
  def policy_data(self) -> Optional[pulumi.Input[str]]:
174
+ """
175
+ The policy data generated by
176
+ a `organizations_get_iam_policy` data source.
177
+ """
142
178
  return pulumi.get(self, "policy_data")
143
179
 
144
180
  @policy_data.setter
@@ -148,6 +184,10 @@ class _RestorePlanIamPolicyState:
148
184
  @property
149
185
  @pulumi.getter
150
186
  def project(self) -> Optional[pulumi.Input[str]]:
187
+ """
188
+ The ID of the project in which the resource belongs.
189
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
190
+ """
151
191
  return pulumi.get(self, "project")
152
192
 
153
193
  @project.setter
@@ -166,544 +206,159 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
166
206
  project: Optional[pulumi.Input[str]] = None,
167
207
  __props__=None):
168
208
  """
169
- Represents a Restore Plan instance.
209
+ Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:
170
210
 
171
- To get more information about RestorePlan, see:
211
+ * `gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.
212
+ * `gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.
213
+ * `gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.
172
214
 
173
- * [API documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.restorePlans)
174
- * How-to Guides
175
- * [Official Documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke)
215
+ A data source can be used to retrieve policy data in advent you do not need creation
176
216
 
177
- ## Example Usage
217
+ * `gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan
178
218
 
179
- ### Gkebackup Restoreplan All Namespaces
219
+ > **Note:** `gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gkebackup.RestorePlanIamBinding` and `gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.
180
220
 
181
- ```python
182
- import pulumi
183
- import pulumi_gcp as gcp
221
+ > **Note:** `gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.
184
222
 
185
- primary = gcp.container.Cluster("primary",
186
- name="restore-all-ns-cluster",
187
- location="us-central1",
188
- initial_node_count=1,
189
- workload_identity_config={
190
- "workloadPool": "my-project-name.svc.id.goog",
191
- },
192
- addons_config={
193
- "gkeBackupAgentConfig": {
194
- "enabled": True,
195
- },
196
- },
197
- deletion_protection="",
198
- network="default",
199
- subnetwork="default")
200
- basic = gcp.gkebackup.BackupPlan("basic",
201
- name="restore-all-ns",
202
- cluster=primary.id,
203
- location="us-central1",
204
- backup_config={
205
- "includeVolumeData": True,
206
- "includeSecrets": True,
207
- "allNamespaces": True,
208
- })
209
- all_ns = gcp.gkebackup.RestorePlan("all_ns",
210
- name="restore-all-ns",
211
- location="us-central1",
212
- backup_plan=basic.id,
213
- cluster=primary.id,
214
- restore_config={
215
- "allNamespaces": True,
216
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
217
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
218
- "clusterResourceRestoreScope": {
219
- "allGroupKinds": True,
220
- },
221
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
222
- })
223
- ```
224
- ### Gkebackup Restoreplan Rollback Namespace
223
+ ## gkebackup.RestorePlanIamPolicy
225
224
 
226
225
  ```python
227
226
  import pulumi
228
227
  import pulumi_gcp as gcp
229
228
 
230
- primary = gcp.container.Cluster("primary",
231
- name="rollback-ns-cluster",
232
- location="us-central1",
233
- initial_node_count=1,
234
- workload_identity_config={
235
- "workloadPool": "my-project-name.svc.id.goog",
236
- },
237
- addons_config={
238
- "gkeBackupAgentConfig": {
239
- "enabled": True,
240
- },
241
- },
242
- deletion_protection="",
243
- network="default",
244
- subnetwork="default")
245
- basic = gcp.gkebackup.BackupPlan("basic",
246
- name="rollback-ns",
247
- cluster=primary.id,
248
- location="us-central1",
249
- backup_config={
250
- "includeVolumeData": True,
251
- "includeSecrets": True,
252
- "allNamespaces": True,
253
- })
254
- rollback_ns = gcp.gkebackup.RestorePlan("rollback_ns",
255
- name="rollback-ns-rp",
256
- location="us-central1",
257
- backup_plan=basic.id,
258
- cluster=primary.id,
259
- restore_config={
260
- "selectedNamespaces": {
261
- "namespaces": ["my-ns"],
262
- },
263
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
264
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
265
- "clusterResourceRestoreScope": {
266
- "selectedGroupKinds": [
267
- {
268
- "resourceGroup": "apiextension.k8s.io",
269
- "resourceKind": "CustomResourceDefinition",
270
- },
271
- {
272
- "resourceGroup": "storage.k8s.io",
273
- "resourceKind": "StorageClass",
274
- },
275
- ],
276
- },
277
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
278
- })
229
+ admin = gcp.organizations.get_iam_policy(bindings=[{
230
+ "role": "roles/viewer",
231
+ "members": ["user:jane@example.com"],
232
+ }])
233
+ policy = gcp.gkebackup.RestorePlanIamPolicy("policy",
234
+ project=all_ns["project"],
235
+ location=all_ns["location"],
236
+ name=all_ns["name"],
237
+ policy_data=admin.policy_data)
279
238
  ```
280
- ### Gkebackup Restoreplan Protected Application
281
-
282
- ```python
283
- import pulumi
284
- import pulumi_gcp as gcp
285
239
 
286
- primary = gcp.container.Cluster("primary",
287
- name="rollback-app-cluster",
288
- location="us-central1",
289
- initial_node_count=1,
290
- workload_identity_config={
291
- "workloadPool": "my-project-name.svc.id.goog",
292
- },
293
- addons_config={
294
- "gkeBackupAgentConfig": {
295
- "enabled": True,
296
- },
297
- },
298
- deletion_protection="",
299
- network="default",
300
- subnetwork="default")
301
- basic = gcp.gkebackup.BackupPlan("basic",
302
- name="rollback-app",
303
- cluster=primary.id,
304
- location="us-central1",
305
- backup_config={
306
- "includeVolumeData": True,
307
- "includeSecrets": True,
308
- "allNamespaces": True,
309
- })
310
- rollback_app = gcp.gkebackup.RestorePlan("rollback_app",
311
- name="rollback-app-rp",
312
- location="us-central1",
313
- backup_plan=basic.id,
314
- cluster=primary.id,
315
- restore_config={
316
- "selectedApplications": {
317
- "namespacedNames": [{
318
- "name": "my-app",
319
- "namespace": "my-ns",
320
- }],
321
- },
322
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
323
- "volumeDataRestorePolicy": "REUSE_VOLUME_HANDLE_FROM_BACKUP",
324
- "clusterResourceRestoreScope": {
325
- "noGroupKinds": True,
326
- },
327
- })
328
- ```
329
- ### Gkebackup Restoreplan All Cluster Resources
240
+ ## gkebackup.RestorePlanIamBinding
330
241
 
331
242
  ```python
332
243
  import pulumi
333
244
  import pulumi_gcp as gcp
334
245
 
335
- primary = gcp.container.Cluster("primary",
336
- name="all-groupkinds-cluster",
337
- location="us-central1",
338
- initial_node_count=1,
339
- workload_identity_config={
340
- "workloadPool": "my-project-name.svc.id.goog",
341
- },
342
- addons_config={
343
- "gkeBackupAgentConfig": {
344
- "enabled": True,
345
- },
346
- },
347
- deletion_protection="",
348
- network="default",
349
- subnetwork="default")
350
- basic = gcp.gkebackup.BackupPlan("basic",
351
- name="all-groupkinds",
352
- cluster=primary.id,
353
- location="us-central1",
354
- backup_config={
355
- "includeVolumeData": True,
356
- "includeSecrets": True,
357
- "allNamespaces": True,
358
- })
359
- all_cluster_resources = gcp.gkebackup.RestorePlan("all_cluster_resources",
360
- name="all-groupkinds-rp",
361
- location="us-central1",
362
- backup_plan=basic.id,
363
- cluster=primary.id,
364
- restore_config={
365
- "noNamespaces": True,
366
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
367
- "clusterResourceRestoreScope": {
368
- "allGroupKinds": True,
369
- },
370
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
371
- })
246
+ binding = gcp.gkebackup.RestorePlanIamBinding("binding",
247
+ project=all_ns["project"],
248
+ location=all_ns["location"],
249
+ name=all_ns["name"],
250
+ role="roles/viewer",
251
+ members=["user:jane@example.com"])
372
252
  ```
373
- ### Gkebackup Restoreplan Rename Namespace
374
-
375
- ```python
376
- import pulumi
377
- import pulumi_gcp as gcp
378
253
 
379
- primary = gcp.container.Cluster("primary",
380
- name="rename-ns-cluster",
381
- location="us-central1",
382
- initial_node_count=1,
383
- workload_identity_config={
384
- "workloadPool": "my-project-name.svc.id.goog",
385
- },
386
- addons_config={
387
- "gkeBackupAgentConfig": {
388
- "enabled": True,
389
- },
390
- },
391
- deletion_protection="",
392
- network="default",
393
- subnetwork="default")
394
- basic = gcp.gkebackup.BackupPlan("basic",
395
- name="rename-ns",
396
- cluster=primary.id,
397
- location="us-central1",
398
- backup_config={
399
- "includeVolumeData": True,
400
- "includeSecrets": True,
401
- "allNamespaces": True,
402
- })
403
- rename_ns = gcp.gkebackup.RestorePlan("rename_ns",
404
- name="rename-ns-rp",
405
- location="us-central1",
406
- backup_plan=basic.id,
407
- cluster=primary.id,
408
- restore_config={
409
- "selectedNamespaces": {
410
- "namespaces": ["ns1"],
411
- },
412
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
413
- "volumeDataRestorePolicy": "REUSE_VOLUME_HANDLE_FROM_BACKUP",
414
- "clusterResourceRestoreScope": {
415
- "noGroupKinds": True,
416
- },
417
- "transformationRules": [
418
- {
419
- "description": "rename namespace from ns1 to ns2",
420
- "resourceFilter": {
421
- "groupKinds": [{
422
- "resourceKind": "Namespace",
423
- }],
424
- "jsonPath": ".metadata[?(@.name == 'ns1')]",
425
- },
426
- "fieldActions": [{
427
- "op": "REPLACE",
428
- "path": "/metadata/name",
429
- "value": "ns2",
430
- }],
431
- },
432
- {
433
- "description": "move all resources from ns1 to ns2",
434
- "resourceFilter": {
435
- "namespaces": ["ns1"],
436
- },
437
- "fieldActions": [{
438
- "op": "REPLACE",
439
- "path": "/metadata/namespace",
440
- "value": "ns2",
441
- }],
442
- },
443
- ],
444
- })
445
- ```
446
- ### Gkebackup Restoreplan Second Transformation
254
+ ## gkebackup.RestorePlanIamMember
447
255
 
448
256
  ```python
449
257
  import pulumi
450
258
  import pulumi_gcp as gcp
451
259
 
452
- primary = gcp.container.Cluster("primary",
453
- name="transform-rule-cluster",
454
- location="us-central1",
455
- initial_node_count=1,
456
- workload_identity_config={
457
- "workloadPool": "my-project-name.svc.id.goog",
458
- },
459
- addons_config={
460
- "gkeBackupAgentConfig": {
461
- "enabled": True,
462
- },
463
- },
464
- deletion_protection="",
465
- network="default",
466
- subnetwork="default")
467
- basic = gcp.gkebackup.BackupPlan("basic",
468
- name="transform-rule",
469
- cluster=primary.id,
470
- location="us-central1",
471
- backup_config={
472
- "includeVolumeData": True,
473
- "includeSecrets": True,
474
- "allNamespaces": True,
475
- })
476
- transform_rule = gcp.gkebackup.RestorePlan("transform_rule",
477
- name="transform-rule-rp",
478
- description="copy nginx env variables",
479
- labels={
480
- "app": "nginx",
481
- },
482
- location="us-central1",
483
- backup_plan=basic.id,
484
- cluster=primary.id,
485
- restore_config={
486
- "excludedNamespaces": {
487
- "namespaces": ["my-ns"],
488
- },
489
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
490
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
491
- "clusterResourceRestoreScope": {
492
- "excludedGroupKinds": [{
493
- "resourceGroup": "apiextension.k8s.io",
494
- "resourceKind": "CustomResourceDefinition",
495
- }],
496
- },
497
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
498
- "transformationRules": [{
499
- "description": "Copy environment variables from the nginx container to the install init container.",
500
- "resourceFilter": {
501
- "groupKinds": [{
502
- "resourceKind": "Pod",
503
- "resourceGroup": "",
504
- }],
505
- "jsonPath": ".metadata[?(@.name == 'nginx')]",
506
- },
507
- "fieldActions": [{
508
- "op": "COPY",
509
- "path": "/spec/initContainers/0/env",
510
- "fromPath": "/spec/containers/0/env",
511
- }],
512
- }],
513
- })
260
+ member = gcp.gkebackup.RestorePlanIamMember("member",
261
+ project=all_ns["project"],
262
+ location=all_ns["location"],
263
+ name=all_ns["name"],
264
+ role="roles/viewer",
265
+ member="user:jane@example.com")
514
266
  ```
515
- ### Gkebackup Restoreplan Gitops Mode
267
+
268
+ ## gkebackup.RestorePlanIamPolicy
516
269
 
517
270
  ```python
518
271
  import pulumi
519
272
  import pulumi_gcp as gcp
520
273
 
521
- primary = gcp.container.Cluster("primary",
522
- name="gitops-mode-cluster",
523
- location="us-central1",
524
- initial_node_count=1,
525
- workload_identity_config={
526
- "workloadPool": "my-project-name.svc.id.goog",
527
- },
528
- addons_config={
529
- "gkeBackupAgentConfig": {
530
- "enabled": True,
531
- },
532
- },
533
- deletion_protection="",
534
- network="default",
535
- subnetwork="default")
536
- basic = gcp.gkebackup.BackupPlan("basic",
537
- name="gitops-mode",
538
- cluster=primary.id,
539
- location="us-central1",
540
- backup_config={
541
- "includeVolumeData": True,
542
- "includeSecrets": True,
543
- "allNamespaces": True,
544
- })
545
- gitops_mode = gcp.gkebackup.RestorePlan("gitops_mode",
546
- name="gitops-mode",
547
- location="us-central1",
548
- backup_plan=basic.id,
549
- cluster=primary.id,
550
- restore_config={
551
- "allNamespaces": True,
552
- "namespacedResourceRestoreMode": "MERGE_SKIP_ON_CONFLICT",
553
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
554
- "clusterResourceRestoreScope": {
555
- "allGroupKinds": True,
556
- },
557
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
558
- })
274
+ admin = gcp.organizations.get_iam_policy(bindings=[{
275
+ "role": "roles/viewer",
276
+ "members": ["user:jane@example.com"],
277
+ }])
278
+ policy = gcp.gkebackup.RestorePlanIamPolicy("policy",
279
+ project=all_ns["project"],
280
+ location=all_ns["location"],
281
+ name=all_ns["name"],
282
+ policy_data=admin.policy_data)
559
283
  ```
560
- ### Gkebackup Restoreplan Restore Order
284
+
285
+ ## gkebackup.RestorePlanIamBinding
561
286
 
562
287
  ```python
563
288
  import pulumi
564
289
  import pulumi_gcp as gcp
565
290
 
566
- primary = gcp.container.Cluster("primary",
567
- name="restore-order-cluster",
568
- location="us-central1",
569
- initial_node_count=1,
570
- workload_identity_config={
571
- "workloadPool": "my-project-name.svc.id.goog",
572
- },
573
- addons_config={
574
- "gkeBackupAgentConfig": {
575
- "enabled": True,
576
- },
577
- },
578
- deletion_protection="",
579
- network="default",
580
- subnetwork="default")
581
- basic = gcp.gkebackup.BackupPlan("basic",
582
- name="restore-order",
583
- cluster=primary.id,
584
- location="us-central1",
585
- backup_config={
586
- "includeVolumeData": True,
587
- "includeSecrets": True,
588
- "allNamespaces": True,
589
- })
590
- restore_order = gcp.gkebackup.RestorePlan("restore_order",
591
- name="restore-order",
592
- location="us-central1",
593
- backup_plan=basic.id,
594
- cluster=primary.id,
595
- restore_config={
596
- "allNamespaces": True,
597
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
598
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
599
- "clusterResourceRestoreScope": {
600
- "allGroupKinds": True,
601
- },
602
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
603
- "restoreOrder": {
604
- "groupKindDependencies": [
605
- {
606
- "satisfying": {
607
- "resourceGroup": "stable.example.com",
608
- "resourceKind": "kindA",
609
- },
610
- "requiring": {
611
- "resourceGroup": "stable.example.com",
612
- "resourceKind": "kindB",
613
- },
614
- },
615
- {
616
- "satisfying": {
617
- "resourceGroup": "stable.example.com",
618
- "resourceKind": "kindB",
619
- },
620
- "requiring": {
621
- "resourceGroup": "stable.example.com",
622
- "resourceKind": "kindC",
623
- },
624
- },
625
- ],
626
- },
627
- })
291
+ binding = gcp.gkebackup.RestorePlanIamBinding("binding",
292
+ project=all_ns["project"],
293
+ location=all_ns["location"],
294
+ name=all_ns["name"],
295
+ role="roles/viewer",
296
+ members=["user:jane@example.com"])
628
297
  ```
629
- ### Gkebackup Restoreplan Volume Res
298
+
299
+ ## gkebackup.RestorePlanIamMember
630
300
 
631
301
  ```python
632
302
  import pulumi
633
303
  import pulumi_gcp as gcp
634
304
 
635
- primary = gcp.container.Cluster("primary",
636
- name="volume-res-cluster",
637
- location="us-central1",
638
- initial_node_count=1,
639
- workload_identity_config={
640
- "workloadPool": "my-project-name.svc.id.goog",
641
- },
642
- addons_config={
643
- "gkeBackupAgentConfig": {
644
- "enabled": True,
645
- },
646
- },
647
- deletion_protection="",
648
- network="default",
649
- subnetwork="default")
650
- basic = gcp.gkebackup.BackupPlan("basic",
651
- name="volume-res",
652
- cluster=primary.id,
653
- location="us-central1",
654
- backup_config={
655
- "includeVolumeData": True,
656
- "includeSecrets": True,
657
- "allNamespaces": True,
658
- })
659
- volume_res = gcp.gkebackup.RestorePlan("volume_res",
660
- name="volume-res",
661
- location="us-central1",
662
- backup_plan=basic.id,
663
- cluster=primary.id,
664
- restore_config={
665
- "allNamespaces": True,
666
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
667
- "volumeDataRestorePolicy": "NO_VOLUME_DATA_RESTORATION",
668
- "clusterResourceRestoreScope": {
669
- "allGroupKinds": True,
670
- },
671
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
672
- "volumeDataRestorePolicyBindings": [{
673
- "policy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
674
- "volumeType": "GCE_PERSISTENT_DISK",
675
- }],
676
- })
305
+ member = gcp.gkebackup.RestorePlanIamMember("member",
306
+ project=all_ns["project"],
307
+ location=all_ns["location"],
308
+ name=all_ns["name"],
309
+ role="roles/viewer",
310
+ member="user:jane@example.com")
677
311
  ```
678
312
 
679
313
  ## Import
680
314
 
681
- RestorePlan can be imported using any of these accepted formats:
315
+ For all import syntaxes, the "resource in question" can take any of the following forms:
316
+
317
+ * projects/{{project}}/locations/{{location}}/restorePlans/{{name}}
682
318
 
683
- * `projects/{{project}}/locations/{{location}}/restorePlans/{{name}}`
319
+ * {{project}}/{{location}}/{{name}}
684
320
 
685
- * `{{project}}/{{location}}/{{name}}`
321
+ * {{location}}/{{name}}
686
322
 
687
- * `{{location}}/{{name}}`
323
+ * {{name}}
688
324
 
689
- When using the `pulumi import` command, RestorePlan can be imported using one of the formats above. For example:
325
+ Any variables not passed in the import command will be taken from the provider configuration.
326
+
327
+ Backup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.
328
+
329
+ IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
690
330
 
691
331
  ```sh
692
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default projects/{{project}}/locations/{{location}}/restorePlans/{{name}}
332
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor "projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com"
693
333
  ```
694
334
 
335
+ IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
336
+
695
337
  ```sh
696
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default {{project}}/{{location}}/{{name}}
338
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor "projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer"
697
339
  ```
698
340
 
341
+ IAM policy imports use the identifier of the resource in question, e.g.
342
+
699
343
  ```sh
700
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default {{location}}/{{name}}
344
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}
701
345
  ```
702
346
 
347
+ -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
348
+
349
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
350
+
703
351
  :param str resource_name: The name of the resource.
704
352
  :param pulumi.ResourceOptions opts: Options for the resource.
705
353
  :param pulumi.Input[str] location: The region of the Restore Plan.
706
- :param pulumi.Input[str] name: The full name of the BackupPlan Resource.
354
+ Used to find the parent resource to bind the IAM policy to. If not specified,
355
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
356
+ location is specified, it is taken from the provider configuration.
357
+ :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to
358
+ :param pulumi.Input[str] policy_data: The policy data generated by
359
+ a `organizations_get_iam_policy` data source.
360
+ :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
361
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
707
362
  """
708
363
  ...
709
364
  @overload
@@ -712,540 +367,148 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
712
367
  args: RestorePlanIamPolicyArgs,
713
368
  opts: Optional[pulumi.ResourceOptions] = None):
714
369
  """
715
- Represents a Restore Plan instance.
370
+ Three different resources help you manage your IAM policy for Backup for GKE RestorePlan. Each of these resources serves a different use case:
716
371
 
717
- To get more information about RestorePlan, see:
372
+ * `gkebackup.RestorePlanIamPolicy`: Authoritative. Sets the IAM policy for the restoreplan and replaces any existing policy already attached.
373
+ * `gkebackup.RestorePlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the restoreplan are preserved.
374
+ * `gkebackup.RestorePlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the restoreplan are preserved.
718
375
 
719
- * [API documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.restorePlans)
720
- * How-to Guides
721
- * [Official Documentation](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke)
376
+ A data source can be used to retrieve policy data in advent you do not need creation
722
377
 
723
- ## Example Usage
378
+ * `gkebackup.RestorePlanIamPolicy`: Retrieves the IAM policy for the restoreplan
724
379
 
725
- ### Gkebackup Restoreplan All Namespaces
380
+ > **Note:** `gkebackup.RestorePlanIamPolicy` **cannot** be used in conjunction with `gkebackup.RestorePlanIamBinding` and `gkebackup.RestorePlanIamMember` or they will fight over what your policy should be.
726
381
 
727
- ```python
728
- import pulumi
729
- import pulumi_gcp as gcp
382
+ > **Note:** `gkebackup.RestorePlanIamBinding` resources **can be** used in conjunction with `gkebackup.RestorePlanIamMember` resources **only if** they do not grant privilege to the same role.
730
383
 
731
- primary = gcp.container.Cluster("primary",
732
- name="restore-all-ns-cluster",
733
- location="us-central1",
734
- initial_node_count=1,
735
- workload_identity_config={
736
- "workloadPool": "my-project-name.svc.id.goog",
737
- },
738
- addons_config={
739
- "gkeBackupAgentConfig": {
740
- "enabled": True,
741
- },
742
- },
743
- deletion_protection="",
744
- network="default",
745
- subnetwork="default")
746
- basic = gcp.gkebackup.BackupPlan("basic",
747
- name="restore-all-ns",
748
- cluster=primary.id,
749
- location="us-central1",
750
- backup_config={
751
- "includeVolumeData": True,
752
- "includeSecrets": True,
753
- "allNamespaces": True,
754
- })
755
- all_ns = gcp.gkebackup.RestorePlan("all_ns",
756
- name="restore-all-ns",
757
- location="us-central1",
758
- backup_plan=basic.id,
759
- cluster=primary.id,
760
- restore_config={
761
- "allNamespaces": True,
762
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
763
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
764
- "clusterResourceRestoreScope": {
765
- "allGroupKinds": True,
766
- },
767
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
768
- })
769
- ```
770
- ### Gkebackup Restoreplan Rollback Namespace
384
+ ## gkebackup.RestorePlanIamPolicy
771
385
 
772
386
  ```python
773
387
  import pulumi
774
388
  import pulumi_gcp as gcp
775
389
 
776
- primary = gcp.container.Cluster("primary",
777
- name="rollback-ns-cluster",
778
- location="us-central1",
779
- initial_node_count=1,
780
- workload_identity_config={
781
- "workloadPool": "my-project-name.svc.id.goog",
782
- },
783
- addons_config={
784
- "gkeBackupAgentConfig": {
785
- "enabled": True,
786
- },
787
- },
788
- deletion_protection="",
789
- network="default",
790
- subnetwork="default")
791
- basic = gcp.gkebackup.BackupPlan("basic",
792
- name="rollback-ns",
793
- cluster=primary.id,
794
- location="us-central1",
795
- backup_config={
796
- "includeVolumeData": True,
797
- "includeSecrets": True,
798
- "allNamespaces": True,
799
- })
800
- rollback_ns = gcp.gkebackup.RestorePlan("rollback_ns",
801
- name="rollback-ns-rp",
802
- location="us-central1",
803
- backup_plan=basic.id,
804
- cluster=primary.id,
805
- restore_config={
806
- "selectedNamespaces": {
807
- "namespaces": ["my-ns"],
808
- },
809
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
810
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
811
- "clusterResourceRestoreScope": {
812
- "selectedGroupKinds": [
813
- {
814
- "resourceGroup": "apiextension.k8s.io",
815
- "resourceKind": "CustomResourceDefinition",
816
- },
817
- {
818
- "resourceGroup": "storage.k8s.io",
819
- "resourceKind": "StorageClass",
820
- },
821
- ],
822
- },
823
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
824
- })
390
+ admin = gcp.organizations.get_iam_policy(bindings=[{
391
+ "role": "roles/viewer",
392
+ "members": ["user:jane@example.com"],
393
+ }])
394
+ policy = gcp.gkebackup.RestorePlanIamPolicy("policy",
395
+ project=all_ns["project"],
396
+ location=all_ns["location"],
397
+ name=all_ns["name"],
398
+ policy_data=admin.policy_data)
825
399
  ```
826
- ### Gkebackup Restoreplan Protected Application
827
-
828
- ```python
829
- import pulumi
830
- import pulumi_gcp as gcp
831
400
 
832
- primary = gcp.container.Cluster("primary",
833
- name="rollback-app-cluster",
834
- location="us-central1",
835
- initial_node_count=1,
836
- workload_identity_config={
837
- "workloadPool": "my-project-name.svc.id.goog",
838
- },
839
- addons_config={
840
- "gkeBackupAgentConfig": {
841
- "enabled": True,
842
- },
843
- },
844
- deletion_protection="",
845
- network="default",
846
- subnetwork="default")
847
- basic = gcp.gkebackup.BackupPlan("basic",
848
- name="rollback-app",
849
- cluster=primary.id,
850
- location="us-central1",
851
- backup_config={
852
- "includeVolumeData": True,
853
- "includeSecrets": True,
854
- "allNamespaces": True,
855
- })
856
- rollback_app = gcp.gkebackup.RestorePlan("rollback_app",
857
- name="rollback-app-rp",
858
- location="us-central1",
859
- backup_plan=basic.id,
860
- cluster=primary.id,
861
- restore_config={
862
- "selectedApplications": {
863
- "namespacedNames": [{
864
- "name": "my-app",
865
- "namespace": "my-ns",
866
- }],
867
- },
868
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
869
- "volumeDataRestorePolicy": "REUSE_VOLUME_HANDLE_FROM_BACKUP",
870
- "clusterResourceRestoreScope": {
871
- "noGroupKinds": True,
872
- },
873
- })
874
- ```
875
- ### Gkebackup Restoreplan All Cluster Resources
401
+ ## gkebackup.RestorePlanIamBinding
876
402
 
877
403
  ```python
878
404
  import pulumi
879
405
  import pulumi_gcp as gcp
880
406
 
881
- primary = gcp.container.Cluster("primary",
882
- name="all-groupkinds-cluster",
883
- location="us-central1",
884
- initial_node_count=1,
885
- workload_identity_config={
886
- "workloadPool": "my-project-name.svc.id.goog",
887
- },
888
- addons_config={
889
- "gkeBackupAgentConfig": {
890
- "enabled": True,
891
- },
892
- },
893
- deletion_protection="",
894
- network="default",
895
- subnetwork="default")
896
- basic = gcp.gkebackup.BackupPlan("basic",
897
- name="all-groupkinds",
898
- cluster=primary.id,
899
- location="us-central1",
900
- backup_config={
901
- "includeVolumeData": True,
902
- "includeSecrets": True,
903
- "allNamespaces": True,
904
- })
905
- all_cluster_resources = gcp.gkebackup.RestorePlan("all_cluster_resources",
906
- name="all-groupkinds-rp",
907
- location="us-central1",
908
- backup_plan=basic.id,
909
- cluster=primary.id,
910
- restore_config={
911
- "noNamespaces": True,
912
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
913
- "clusterResourceRestoreScope": {
914
- "allGroupKinds": True,
915
- },
916
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
917
- })
407
+ binding = gcp.gkebackup.RestorePlanIamBinding("binding",
408
+ project=all_ns["project"],
409
+ location=all_ns["location"],
410
+ name=all_ns["name"],
411
+ role="roles/viewer",
412
+ members=["user:jane@example.com"])
918
413
  ```
919
- ### Gkebackup Restoreplan Rename Namespace
920
-
921
- ```python
922
- import pulumi
923
- import pulumi_gcp as gcp
924
414
 
925
- primary = gcp.container.Cluster("primary",
926
- name="rename-ns-cluster",
927
- location="us-central1",
928
- initial_node_count=1,
929
- workload_identity_config={
930
- "workloadPool": "my-project-name.svc.id.goog",
931
- },
932
- addons_config={
933
- "gkeBackupAgentConfig": {
934
- "enabled": True,
935
- },
936
- },
937
- deletion_protection="",
938
- network="default",
939
- subnetwork="default")
940
- basic = gcp.gkebackup.BackupPlan("basic",
941
- name="rename-ns",
942
- cluster=primary.id,
943
- location="us-central1",
944
- backup_config={
945
- "includeVolumeData": True,
946
- "includeSecrets": True,
947
- "allNamespaces": True,
948
- })
949
- rename_ns = gcp.gkebackup.RestorePlan("rename_ns",
950
- name="rename-ns-rp",
951
- location="us-central1",
952
- backup_plan=basic.id,
953
- cluster=primary.id,
954
- restore_config={
955
- "selectedNamespaces": {
956
- "namespaces": ["ns1"],
957
- },
958
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
959
- "volumeDataRestorePolicy": "REUSE_VOLUME_HANDLE_FROM_BACKUP",
960
- "clusterResourceRestoreScope": {
961
- "noGroupKinds": True,
962
- },
963
- "transformationRules": [
964
- {
965
- "description": "rename namespace from ns1 to ns2",
966
- "resourceFilter": {
967
- "groupKinds": [{
968
- "resourceKind": "Namespace",
969
- }],
970
- "jsonPath": ".metadata[?(@.name == 'ns1')]",
971
- },
972
- "fieldActions": [{
973
- "op": "REPLACE",
974
- "path": "/metadata/name",
975
- "value": "ns2",
976
- }],
977
- },
978
- {
979
- "description": "move all resources from ns1 to ns2",
980
- "resourceFilter": {
981
- "namespaces": ["ns1"],
982
- },
983
- "fieldActions": [{
984
- "op": "REPLACE",
985
- "path": "/metadata/namespace",
986
- "value": "ns2",
987
- }],
988
- },
989
- ],
990
- })
991
- ```
992
- ### Gkebackup Restoreplan Second Transformation
415
+ ## gkebackup.RestorePlanIamMember
993
416
 
994
417
  ```python
995
418
  import pulumi
996
419
  import pulumi_gcp as gcp
997
420
 
998
- primary = gcp.container.Cluster("primary",
999
- name="transform-rule-cluster",
1000
- location="us-central1",
1001
- initial_node_count=1,
1002
- workload_identity_config={
1003
- "workloadPool": "my-project-name.svc.id.goog",
1004
- },
1005
- addons_config={
1006
- "gkeBackupAgentConfig": {
1007
- "enabled": True,
1008
- },
1009
- },
1010
- deletion_protection="",
1011
- network="default",
1012
- subnetwork="default")
1013
- basic = gcp.gkebackup.BackupPlan("basic",
1014
- name="transform-rule",
1015
- cluster=primary.id,
1016
- location="us-central1",
1017
- backup_config={
1018
- "includeVolumeData": True,
1019
- "includeSecrets": True,
1020
- "allNamespaces": True,
1021
- })
1022
- transform_rule = gcp.gkebackup.RestorePlan("transform_rule",
1023
- name="transform-rule-rp",
1024
- description="copy nginx env variables",
1025
- labels={
1026
- "app": "nginx",
1027
- },
1028
- location="us-central1",
1029
- backup_plan=basic.id,
1030
- cluster=primary.id,
1031
- restore_config={
1032
- "excludedNamespaces": {
1033
- "namespaces": ["my-ns"],
1034
- },
1035
- "namespacedResourceRestoreMode": "DELETE_AND_RESTORE",
1036
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
1037
- "clusterResourceRestoreScope": {
1038
- "excludedGroupKinds": [{
1039
- "resourceGroup": "apiextension.k8s.io",
1040
- "resourceKind": "CustomResourceDefinition",
1041
- }],
1042
- },
1043
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
1044
- "transformationRules": [{
1045
- "description": "Copy environment variables from the nginx container to the install init container.",
1046
- "resourceFilter": {
1047
- "groupKinds": [{
1048
- "resourceKind": "Pod",
1049
- "resourceGroup": "",
1050
- }],
1051
- "jsonPath": ".metadata[?(@.name == 'nginx')]",
1052
- },
1053
- "fieldActions": [{
1054
- "op": "COPY",
1055
- "path": "/spec/initContainers/0/env",
1056
- "fromPath": "/spec/containers/0/env",
1057
- }],
1058
- }],
1059
- })
421
+ member = gcp.gkebackup.RestorePlanIamMember("member",
422
+ project=all_ns["project"],
423
+ location=all_ns["location"],
424
+ name=all_ns["name"],
425
+ role="roles/viewer",
426
+ member="user:jane@example.com")
1060
427
  ```
1061
- ### Gkebackup Restoreplan Gitops Mode
428
+
429
+ ## gkebackup.RestorePlanIamPolicy
1062
430
 
1063
431
  ```python
1064
432
  import pulumi
1065
433
  import pulumi_gcp as gcp
1066
434
 
1067
- primary = gcp.container.Cluster("primary",
1068
- name="gitops-mode-cluster",
1069
- location="us-central1",
1070
- initial_node_count=1,
1071
- workload_identity_config={
1072
- "workloadPool": "my-project-name.svc.id.goog",
1073
- },
1074
- addons_config={
1075
- "gkeBackupAgentConfig": {
1076
- "enabled": True,
1077
- },
1078
- },
1079
- deletion_protection="",
1080
- network="default",
1081
- subnetwork="default")
1082
- basic = gcp.gkebackup.BackupPlan("basic",
1083
- name="gitops-mode",
1084
- cluster=primary.id,
1085
- location="us-central1",
1086
- backup_config={
1087
- "includeVolumeData": True,
1088
- "includeSecrets": True,
1089
- "allNamespaces": True,
1090
- })
1091
- gitops_mode = gcp.gkebackup.RestorePlan("gitops_mode",
1092
- name="gitops-mode",
1093
- location="us-central1",
1094
- backup_plan=basic.id,
1095
- cluster=primary.id,
1096
- restore_config={
1097
- "allNamespaces": True,
1098
- "namespacedResourceRestoreMode": "MERGE_SKIP_ON_CONFLICT",
1099
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
1100
- "clusterResourceRestoreScope": {
1101
- "allGroupKinds": True,
1102
- },
1103
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
1104
- })
435
+ admin = gcp.organizations.get_iam_policy(bindings=[{
436
+ "role": "roles/viewer",
437
+ "members": ["user:jane@example.com"],
438
+ }])
439
+ policy = gcp.gkebackup.RestorePlanIamPolicy("policy",
440
+ project=all_ns["project"],
441
+ location=all_ns["location"],
442
+ name=all_ns["name"],
443
+ policy_data=admin.policy_data)
1105
444
  ```
1106
- ### Gkebackup Restoreplan Restore Order
445
+
446
+ ## gkebackup.RestorePlanIamBinding
1107
447
 
1108
448
  ```python
1109
449
  import pulumi
1110
450
  import pulumi_gcp as gcp
1111
451
 
1112
- primary = gcp.container.Cluster("primary",
1113
- name="restore-order-cluster",
1114
- location="us-central1",
1115
- initial_node_count=1,
1116
- workload_identity_config={
1117
- "workloadPool": "my-project-name.svc.id.goog",
1118
- },
1119
- addons_config={
1120
- "gkeBackupAgentConfig": {
1121
- "enabled": True,
1122
- },
1123
- },
1124
- deletion_protection="",
1125
- network="default",
1126
- subnetwork="default")
1127
- basic = gcp.gkebackup.BackupPlan("basic",
1128
- name="restore-order",
1129
- cluster=primary.id,
1130
- location="us-central1",
1131
- backup_config={
1132
- "includeVolumeData": True,
1133
- "includeSecrets": True,
1134
- "allNamespaces": True,
1135
- })
1136
- restore_order = gcp.gkebackup.RestorePlan("restore_order",
1137
- name="restore-order",
1138
- location="us-central1",
1139
- backup_plan=basic.id,
1140
- cluster=primary.id,
1141
- restore_config={
1142
- "allNamespaces": True,
1143
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
1144
- "volumeDataRestorePolicy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
1145
- "clusterResourceRestoreScope": {
1146
- "allGroupKinds": True,
1147
- },
1148
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
1149
- "restoreOrder": {
1150
- "groupKindDependencies": [
1151
- {
1152
- "satisfying": {
1153
- "resourceGroup": "stable.example.com",
1154
- "resourceKind": "kindA",
1155
- },
1156
- "requiring": {
1157
- "resourceGroup": "stable.example.com",
1158
- "resourceKind": "kindB",
1159
- },
1160
- },
1161
- {
1162
- "satisfying": {
1163
- "resourceGroup": "stable.example.com",
1164
- "resourceKind": "kindB",
1165
- },
1166
- "requiring": {
1167
- "resourceGroup": "stable.example.com",
1168
- "resourceKind": "kindC",
1169
- },
1170
- },
1171
- ],
1172
- },
1173
- })
452
+ binding = gcp.gkebackup.RestorePlanIamBinding("binding",
453
+ project=all_ns["project"],
454
+ location=all_ns["location"],
455
+ name=all_ns["name"],
456
+ role="roles/viewer",
457
+ members=["user:jane@example.com"])
1174
458
  ```
1175
- ### Gkebackup Restoreplan Volume Res
459
+
460
+ ## gkebackup.RestorePlanIamMember
1176
461
 
1177
462
  ```python
1178
463
  import pulumi
1179
464
  import pulumi_gcp as gcp
1180
465
 
1181
- primary = gcp.container.Cluster("primary",
1182
- name="volume-res-cluster",
1183
- location="us-central1",
1184
- initial_node_count=1,
1185
- workload_identity_config={
1186
- "workloadPool": "my-project-name.svc.id.goog",
1187
- },
1188
- addons_config={
1189
- "gkeBackupAgentConfig": {
1190
- "enabled": True,
1191
- },
1192
- },
1193
- deletion_protection="",
1194
- network="default",
1195
- subnetwork="default")
1196
- basic = gcp.gkebackup.BackupPlan("basic",
1197
- name="volume-res",
1198
- cluster=primary.id,
1199
- location="us-central1",
1200
- backup_config={
1201
- "includeVolumeData": True,
1202
- "includeSecrets": True,
1203
- "allNamespaces": True,
1204
- })
1205
- volume_res = gcp.gkebackup.RestorePlan("volume_res",
1206
- name="volume-res",
1207
- location="us-central1",
1208
- backup_plan=basic.id,
1209
- cluster=primary.id,
1210
- restore_config={
1211
- "allNamespaces": True,
1212
- "namespacedResourceRestoreMode": "FAIL_ON_CONFLICT",
1213
- "volumeDataRestorePolicy": "NO_VOLUME_DATA_RESTORATION",
1214
- "clusterResourceRestoreScope": {
1215
- "allGroupKinds": True,
1216
- },
1217
- "clusterResourceConflictPolicy": "USE_EXISTING_VERSION",
1218
- "volumeDataRestorePolicyBindings": [{
1219
- "policy": "RESTORE_VOLUME_DATA_FROM_BACKUP",
1220
- "volumeType": "GCE_PERSISTENT_DISK",
1221
- }],
1222
- })
466
+ member = gcp.gkebackup.RestorePlanIamMember("member",
467
+ project=all_ns["project"],
468
+ location=all_ns["location"],
469
+ name=all_ns["name"],
470
+ role="roles/viewer",
471
+ member="user:jane@example.com")
1223
472
  ```
1224
473
 
1225
474
  ## Import
1226
475
 
1227
- RestorePlan can be imported using any of these accepted formats:
476
+ For all import syntaxes, the "resource in question" can take any of the following forms:
477
+
478
+ * projects/{{project}}/locations/{{location}}/restorePlans/{{name}}
1228
479
 
1229
- * `projects/{{project}}/locations/{{location}}/restorePlans/{{name}}`
480
+ * {{project}}/{{location}}/{{name}}
1230
481
 
1231
- * `{{project}}/{{location}}/{{name}}`
482
+ * {{location}}/{{name}}
1232
483
 
1233
- * `{{location}}/{{name}}`
484
+ * {{name}}
1234
485
 
1235
- When using the `pulumi import` command, RestorePlan can be imported using one of the formats above. For example:
486
+ Any variables not passed in the import command will be taken from the provider configuration.
487
+
488
+ Backup for GKE restoreplan IAM resources can be imported using the resource identifiers, role, and member.
489
+
490
+ IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
1236
491
 
1237
492
  ```sh
1238
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default projects/{{project}}/locations/{{location}}/restorePlans/{{name}}
493
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor "projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer user:jane@example.com"
1239
494
  ```
1240
495
 
496
+ IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
497
+
1241
498
  ```sh
1242
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default {{project}}/{{location}}/{{name}}
499
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor "projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}} roles/viewer"
1243
500
  ```
1244
501
 
502
+ IAM policy imports use the identifier of the resource in question, e.g.
503
+
1245
504
  ```sh
1246
- $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy default {{location}}/{{name}}
505
+ $ pulumi import gcp:gkebackup/restorePlanIamPolicy:RestorePlanIamPolicy editor projects/{{project}}/locations/{{location}}/restorePlans/{{restore_plan}}
1247
506
  ```
1248
507
 
508
+ -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
509
+
510
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
511
+
1249
512
  :param str resource_name: The name of the resource.
1250
513
  :param RestorePlanIamPolicyArgs args: The arguments to use to populate this resource's properties.
1251
514
  :param pulumi.ResourceOptions opts: Options for the resource.
@@ -1303,8 +566,16 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
1303
566
  :param str resource_name: The unique name of the resulting resource.
1304
567
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1305
568
  :param pulumi.ResourceOptions opts: Options for the resource.
569
+ :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy.
1306
570
  :param pulumi.Input[str] location: The region of the Restore Plan.
1307
- :param pulumi.Input[str] name: The full name of the BackupPlan Resource.
571
+ Used to find the parent resource to bind the IAM policy to. If not specified,
572
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
573
+ location is specified, it is taken from the provider configuration.
574
+ :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to
575
+ :param pulumi.Input[str] policy_data: The policy data generated by
576
+ a `organizations_get_iam_policy` data source.
577
+ :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
578
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
1308
579
  """
1309
580
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1310
581
 
@@ -1320,6 +591,9 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
1320
591
  @property
1321
592
  @pulumi.getter
1322
593
  def etag(self) -> pulumi.Output[str]:
594
+ """
595
+ (Computed) The etag of the IAM policy.
596
+ """
1323
597
  return pulumi.get(self, "etag")
1324
598
 
1325
599
  @property
@@ -1327,6 +601,9 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
1327
601
  def location(self) -> pulumi.Output[str]:
1328
602
  """
1329
603
  The region of the Restore Plan.
604
+ Used to find the parent resource to bind the IAM policy to. If not specified,
605
+ the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
606
+ location is specified, it is taken from the provider configuration.
1330
607
  """
1331
608
  return pulumi.get(self, "location")
1332
609
 
@@ -1334,17 +611,25 @@ class RestorePlanIamPolicy(pulumi.CustomResource):
1334
611
  @pulumi.getter
1335
612
  def name(self) -> pulumi.Output[str]:
1336
613
  """
1337
- The full name of the BackupPlan Resource.
614
+ Used to find the parent resource to bind the IAM policy to
1338
615
  """
1339
616
  return pulumi.get(self, "name")
1340
617
 
1341
618
  @property
1342
619
  @pulumi.getter(name="policyData")
1343
620
  def policy_data(self) -> pulumi.Output[str]:
621
+ """
622
+ The policy data generated by
623
+ a `organizations_get_iam_policy` data source.
624
+ """
1344
625
  return pulumi.get(self, "policy_data")
1345
626
 
1346
627
  @property
1347
628
  @pulumi.getter
1348
629
  def project(self) -> pulumi.Output[str]:
630
+ """
631
+ The ID of the project in which the resource belongs.
632
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
633
+ """
1349
634
  return pulumi.get(self, "project")
1350
635