Module organizations

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

Resources

Resource Folder

class Folder extends CustomResource

Allows management of a Google Cloud Platform folder. For more information see the official documentation and API.

A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

Folders created live inside an Organization. See the Organization documentation for more details.

The service account used to run this provider when creating a gcp.organizations.Folder resource must have roles/resourcemanager.folderCreator. See the Access Control for Folders Using IAM doc for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Top-level folder under an organization.
const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
// Folder nested under another folder.
const teamAbc = new gcp.organizations.Folder("team-abc", {
    displayName: "Team ABC",
    parent: department1.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/folder.html.markdown.

constructor

new Folder(name: string, args: FolderArgs, opts?: pulumi.CustomResourceOptions)

Create a Folder resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FolderState, opts?: pulumi.CustomResourceOptions): Folder

Get an existing Folder resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Folder. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property createTime

public createTime: pulumi.Output<string>;

Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

property displayName

public displayName: pulumi.Output<string>;

The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lifecycleState

public lifecycleState: pulumi.Output<string>;

The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.

property name

public name: pulumi.Output<string>;

The resource name of the Folder. Its format is folders/{folder_id}.

property parent

public parent: pulumi.Output<string>;

The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMBinding

class IAMBinding extends CustomResource

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform Organization.

Note: This resource must not be used in conjunction with gcp.organizations.IAMMember for the same role or they will fight over what your policy should be.

Note: On create, this resource will overwrite members of any existing roles. Use import and inspect the preview output to ensure your existing members are preserved.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.organizations.IAMBinding("binding", {
    members: ["user:alice@gmail.com"],
    orgId: "123456789",
    role: "roles/browser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/organization_iam_binding.html.markdown.

constructor

new IAMBinding(name: string, args: IAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMBindingState, opts?: pulumi.CustomResourceOptions): IAMBinding

Get an existing IAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.organizations.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMCustomRole

class IAMCustomRole extends CustomResource

Allows management of a customized Cloud IAM organization role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by this provider, and new roles cannot share that name.

Example Usage

This snippet creates a customized IAM organization role.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myCustomRole = new gcp.organizations.IAMCustomRole("my-custom-role", {
    description: "A description",
    orgId: "123456789",
    permissions: [
        "iam.roles.list",
        "iam.roles.create",
        "iam.roles.delete",
    ],
    roleId: "myCustomRole",
    title: "My Custom Role",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/organization_iam_custom_role.html.markdown.

constructor

new IAMCustomRole(name: string, args: IAMCustomRoleArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMCustomRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMCustomRoleState, opts?: pulumi.CustomResourceOptions): IAMCustomRole

Get an existing IAMCustomRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMCustomRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property deleted

public deleted: pulumi.Output<boolean>;

(Optional) The current deleted state of the role.

property description

public description: pulumi.Output<string | undefined>;

A human-readable description for the role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization in which you want to create a custom role.

property permissions

public permissions: pulumi.Output<string[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property roleId

public roleId: pulumi.Output<string>;

The role id to use for this role.

property stage

public stage: pulumi.Output<string | undefined>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

public title: pulumi.Output<string>;

A human-readable title for the role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMMember

class IAMMember extends CustomResource

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform Organization.

Note: This resource must not be used in conjunction with gcp.organizations.IAMBinding for the same role or they will fight over what your policy should be.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.organizations.IAMMember("binding", {
    member: "user:alice@gmail.com",
    orgId: "0123456789",
    role: "roles/editor",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/organization_iam_member.html.markdown.

constructor

new IAMMember(name: string, args: IAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMMemberState, opts?: pulumi.CustomResourceOptions): IAMMember

Get an existing IAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IAMPolicy

class IAMPolicy extends CustomResource

Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.

Warning: New organizations have several default policies which will, without extreme caution, be overwritten by use of this resource. The safest alternative is to use multiple gcp.organizations.IAMBinding resources. It is easy to use this resource to remove your own access to an organization, which will require a call to Google Support to have fixed, and can take multiple days to resolve. If you do use this resource, the best way to be sure that you are not making dangerous changes is to start by importing your existing policy, and examining the diff very closely.

Note: This resource must not be used in conjunction with gcp.organizations.IAMMember or gcp.organizations.IAMBinding or they will fight over what your policy should be.
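A pre-deployment check for the conflict rules stated in the notes on IAMBinding, IAMMember and IAMPolicy, as an added example that is not part of the provider or its documentation. The IamDecl shape and findIamConflicts are hypothetical names, and the declarations are constructed sample input rather than real Pulumi resources.

```typescript
// Added example. IamDecl is a hypothetical summary of the organization-level
// IAM resources a Pulumi program declares; it is not a Pulumi type.
type IamKind = "IAMPolicy" | "IAMBinding" | "IAMMember";

interface IamDecl {
    kind: IamKind;
    name: string;   // Pulumi logical name
    orgId: string;
    role?: string;  // unset for IAMPolicy, which owns every role in the policy
}

interface IamConflict {
    orgId: string;
    role: string;   // "*" when the whole policy is contested
    resources: string[];
    reason: string;
}

function groupDecls(items: IamDecl[], key: (d: IamDecl) => string): Record<string, IamDecl[]> {
    const out: Record<string, IamDecl[]> = {};
    items.forEach((d) => {
        const k = key(d);
        const bucket = out[k] || [];
        bucket.push(d);
        out[k] = bucket;
    });
    return out;
}

const declNames = (ds: IamDecl[]): string[] => ds.map((d) => d.name).sort();

// Returns one finding per contested policy or role, ordered by orgId then role.
function findIamConflicts(decls: IamDecl[]): IamConflict[] {
    const conflicts: IamConflict[] = [];
    const byOrg = groupDecls(decls, (d) => d.orgId);

    Object.keys(byOrg).sort().forEach((orgId) => {
        const group = byOrg[orgId] || [];
        const policies = group.filter((d) => d.kind === "IAMPolicy");
        const others = group.filter((d) => d.kind !== "IAMPolicy");

        // IAMPolicy sets the entire policy, so any IAMBinding or IAMMember on
        // the same organization competes with it regardless of role.
        if (policies.length > 0 && others.length > 0) {
            conflicts.push({
                orgId, role: "*", resources: declNames(group),
                reason: "IAMPolicy combined with IAMBinding/IAMMember",
            });
            return;
        }

        const byRole = groupDecls(others, (d) => d.role || "");
        Object.keys(byRole).sort().forEach((role) => {
            const sameRole = byRole[role] || [];
            const bindings = sameRole.filter((d) => d.kind === "IAMBinding");
            const members = sameRole.filter((d) => d.kind === "IAMMember");
            if (bindings.length > 1) {
                conflicts.push({
                    orgId, role, resources: declNames(bindings),
                    reason: "more than one IAMBinding for the same role",
                });
            }
            if (bindings.length > 0 && members.length > 0) {
                conflicts.push({
                    orgId, role, resources: declNames(bindings.concat(members)),
                    reason: "IAMBinding and IAMMember used for the same role",
                });
            }
        });
    });
    return conflicts;
}

// Constructed sample input: three organizations, each breaking one rule.
// Several IAMMember resources on one role (roles/editor) are allowed.
const SAMPLE_DECLS: IamDecl[] = [
    { kind: "IAMBinding", name: "browser-binding", orgId: "123456789", role: "roles/browser" },
    { kind: "IAMMember", name: "browser-alice", orgId: "123456789", role: "roles/browser" },
    { kind: "IAMMember", name: "editor-alice", orgId: "123456789", role: "roles/editor" },
    { kind: "IAMMember", name: "editor-bob", orgId: "123456789", role: "roles/editor" },
    { kind: "IAMBinding", name: "viewers-a", orgId: "222222222", role: "roles/viewer" },
    { kind: "IAMBinding", name: "viewers-b", orgId: "222222222", role: "roles/viewer" },
    { kind: "IAMPolicy", name: "policy", orgId: "987654321" },
    { kind: "IAMMember", name: "extra-member", orgId: "987654321", role: "roles/browser" },
];

const sampleConflicts = findIamConflicts(SAMPLE_DECLS);
```
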

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const policy = new gcp.organizations.IAMPolicy("policy", {
    orgId: "123456789",
    policyData: admin.policyData,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/organization_iam_policy.html.markdown.
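What the overwrite warnings on IAMBinding and IAMPolicy mean for an existing policy, as an added example (not provider code): it compares the bindings in force with what an authoritative resource would leave behind. The function names, the sample policy and the choice of roles/resourcemanager.organizationAdmin as the role the caller must keep are assumptions.

```typescript
// Added example. PolicyBinding mirrors the role/members pairs of an IAM
// policy; the functions below are hypothetical helpers, not Pulumi APIs.
interface PolicyBinding {
    role: string;
    members: string[];
}

interface PolicyDiff {
    removed: string[];           // grants in force today that would disappear
    added: string[];             // grants that would be newly created
    callerLosesAccess: boolean;  // caller held a required role and no longer does
}

// Flatten bindings into sorted, de-duplicated "role -> member" strings.
function flattenGrants(bindings: PolicyBinding[]): string[] {
    const seen: Record<string, boolean> = {};
    bindings.forEach((b) => b.members.forEach((m) => { seen[b.role + " -> " + m] = true; }));
    return Object.keys(seen).sort();
}

// Direct membership only: access inherited through a group or domain member
// is not resolved here.
function holdsAnyRole(bindings: PolicyBinding[], member: string, roles: string[]): boolean {
    return bindings.some((b) => roles.indexOf(b.role) !== -1 && b.members.indexOf(member) !== -1);
}

function diffPolicy(existing: PolicyBinding[], desired: PolicyBinding[],
                    caller: string, requiredRoles: string[]): PolicyDiff {
    const before = flattenGrants(existing);
    const after = flattenGrants(desired);
    return {
        removed: before.filter((g) => after.indexOf(g) === -1),
        added: after.filter((g) => before.indexOf(g) === -1),
        callerLosesAccess: holdsAnyRole(existing, caller, requiredRoles)
            && !holdsAnyRole(desired, caller, requiredRoles),
    };
}

// An IAMBinding is authoritative for one role: the policy after it is created
// is the existing policy with that role's member list replaced.
function applyBinding(existing: PolicyBinding[], binding: PolicyBinding): PolicyBinding[] {
    const kept = existing.filter((b) => b.role !== binding.role);
    return kept.concat([{ role: binding.role, members: binding.members.slice() }]);
}

// Constructed sample: the policy currently set on the organization.
const EXISTING_POLICY: PolicyBinding[] = [
    { role: "roles/resourcemanager.organizationAdmin", members: ["user:admin@example.com"] },
    { role: "roles/resourcemanager.projectCreator", members: ["domain:example.com"] },
    { role: "roles/browser", members: ["user:bob@example.com", "user:carol@example.com"] },
];
const CALLER = "user:admin@example.com";                          // assumed deploying identity
const REQUIRED_ROLES = ["roles/resourcemanager.organizationAdmin"]; // assumed must-keep role

// IAMPolicy with the policyData from the example above: the whole policy is replaced.
const POLICY_DATA: PolicyBinding[] = [
    { role: "roles/editor", members: ["user:jane@example.com"] },
];
const fullReplaceDiff = diffPolicy(EXISTING_POLICY, POLICY_DATA, CALLER, REQUIRED_ROLES);

// IAMBinding from the IAMBinding example: only roles/browser is replaced.
const bindingDiff = diffPolicy(
    EXISTING_POLICY,
    applyBinding(EXISTING_POLICY, { role: "roles/browser", members: ["user:alice@gmail.com"] }),
    CALLER, REQUIRED_ROLES);
```

A non-empty `removed` list or `callerLosesAccess === true` is the signal to stop and import the existing policy before deploying.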

constructor

new IAMPolicy(name: string, args: IAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMPolicyState, opts?: pulumi.CustomResourceOptions): IAMPolicy

Get an existing IAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization in which you want to create a custom role.

property policyData

public policyData: pulumi.Output<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Policy

class Policy extends CustomResource

Allows management of Organization policies for a Google Organization. For more information see the official documentation and API.

Example Usage

To set policy with a boolean constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const serialPortPolicy = new gcp.organizations.Policy("serialPortPolicy", {
    booleanPolicy: {
        enforced: true,
    },
    constraint: "compute.disableSerialPortAccess",
    orgId: "123456789",
});

To set a policy with a list constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.organizations.Policy("servicesPolicy", {
    constraint: "serviceuser.services",
    listPolicy: {
        allow: {
            all: true,
        },
    },
    orgId: "123456789",
});

Or to deny some services, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.organizations.Policy("servicesPolicy", {
    constraint: "serviceuser.services",
    listPolicy: {
        deny: {
            values: ["cloudresourcemanager.googleapis.com"],
        },
        suggestedValues: "compute.googleapis.com",
    },
    orgId: "123456789",
});

To restore the default organization policy, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.organizations.Policy("servicesPolicy", {
    constraint: "serviceuser.services",
    orgId: "123456789",
    restorePolicy: {
        default: true,
    },
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/organization_policy.html.markdown.

constructor

new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property booleanPolicy

public booleanPolicy: pulumi.Output<outputs.organizations.PolicyBooleanPolicy | undefined>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

public constraint: pulumi.Output<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property listPolicy

public listPolicy: pulumi.Output<outputs.organizations.PolicyListPolicy | undefined>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization to set the policy for.

property restorePolicy

public restorePolicy: pulumi.Output<outputs.organizations.PolicyRestorePolicy | undefined>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

public updateTime: pulumi.Output<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property version

public version: pulumi.Output<number>;

Version of the Policy. Default version is 0.

Resource Project

class Project extends CustomResource

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.

The service account used to run this provider when creating a gcp.organizations.Project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.

Note that prior to 0.8.5, gcp.organizations.Project functioned like a data source, meaning any project referenced by it had to be created and managed outside this provider. As of 0.8.5, gcp.organizations.Project functions like any other resource, with this provider creating and managing the project. To replicate the old behavior, either:

  • Use the project ID directly in whatever is referencing the project, using the gcp.projects.IAMPolicy to replace the old policyData property.
  • Use the import functionality to import your pre-existing project into this provider, where it can be referenced and used just like always, keeping in mind that this provider will attempt to undo any changes made outside this provider.

It’s important to note that any project resources that were added to your config prior to 0.8.5 will continue to function as they always have, and will not be managed by this provider. Only newly added projects are affected.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myProject = new gcp.organizations.Project("myProject", {
    orgId: "1234567",
    projectId: "your-project-id",
});

To create a project under a specific folder:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const myProjectInAFolder = new gcp.organizations.Project("my_project-in-a-folder", {
    folderId: department1.name,
    projectId: "your-project-id",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project.html.markdown.

constructor

new Project(name: string, args: ProjectArgs, opts?: pulumi.CustomResourceOptions)

Create a Project resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProjectState, opts?: pulumi.CustomResourceOptions): Project

Get an existing Project resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Project. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property autoCreateNetwork

public autoCreateNetwork: pulumi.Output<boolean | undefined>;

Create the ‘default’ network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set autoCreateNetwork to false, since the network will exist momentarily.

property billingAccount

public billingAccount: pulumi.Output<string | undefined>;

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with this provider must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.

property folderId

public folderId: pulumi.Output<string>;

The numeric ID of the folder this project should be created under. Only one of orgId or folderId may be specified. If the folderId is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property labels

public labels: pulumi.Output<{[key: string]: string} | undefined>;

A set of key/value label pairs to assign to the project.

property name

public name: pulumi.Output<string>;

The display name of the project.

property number

public number: pulumi.Output<string>;

The numeric identifier of the project.

property orgId

public orgId: pulumi.Output<string>;

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of orgId or folderId may be specified. If the orgId is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

property projectId

public projectId: pulumi.Output<string>;

The project ID. Changing this forces a new project to be created.

property skipDelete

public skipDelete: pulumi.Output<boolean>;

If true, the resource can be deleted without deleting the Project via the Google API.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Data Sources

Data Source getActiveFolder

getActiveFolder(args: GetActiveFolderArgs, opts?: pulumi.InvokeOptions): Promise<GetActiveFolderResult> & GetActiveFolderResult

Get an active folder within GCP by displayName and parent.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = gcp.organizations.getActiveFolder({
    displayName: "Department 1",
    parent: "organizations/1234567",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/active_folder.html.markdown.

Data Source getBillingAccount

getBillingAccount(args?: GetBillingAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetBillingAccountResult> & GetBillingAccountResult

Use this data source to get information about a Google Billing Account.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const acct = gcp.organizations.getBillingAccount({
    displayName: "My Billing Account",
    open: true,
});
const myProject = new gcp.organizations.Project("myProject", {
    billingAccount: acct.id,
    orgId: "1234567",
    projectId: "your-project-id",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/billing_account.html.markdown.

Data Source getClientConfig

getClientConfig(opts?: pulumi.InvokeOptions): Promise<GetClientConfigResult> & GetClientConfigResult

Use this data source to access the configuration of the Google Cloud provider.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const current = gcp.organizations.getClientConfig({});

export const project = current.project;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/client_config.html.markdown.

Data Source getClientOpenIdUserInfo

getClientOpenIdUserInfo(opts?: pulumi.InvokeOptions): Promise<GetClientOpenIdUserInfoResult> & GetClientOpenIdUserInfoResult

Get OpenID userinfo about the credentials used with the Google provider, specifically the email.

When the https://www.googleapis.com/auth/userinfo.email scope is enabled in your provider block, this datasource enables you to export the email of the account you’ve authenticated the provider with; this can be used alongside data.google_client_config’s accessToken to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.

This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise.

Example Usage - exporting an email

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const me = gcp.organizations.getClientOpenIdUserInfo({});

export const myEmail = me.email;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/client_openid_userinfo.html.markdown.

Data Source getFolder

getFolder(args: GetFolderArgs, opts?: pulumi.InvokeOptions): Promise<GetFolderResult> & GetFolderResult

Use this data source to get information about a Google Cloud Folder.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Get folder by id
const myFolder1 = gcp.organizations.getFolder({
    folder: "folders/12345",
    lookupOrganization: true,
});
// Search by fields
const myFolder2 = gcp.organizations.getFolder({
    folder: "folders/23456",
});

export const myFolder1Organization = myFolder1.organization;
export const myFolder2Parent = myFolder2.parent;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/folder.html.markdown.

Data Source getIAMPolicy

getIAMPolicy(args: GetIAMPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetIAMPolicyResult> & GetIAMPolicyResult

Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform resources, such as the gcp.organizations.Project resource.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    auditConfigs: [{
        auditLogConfigs: [
            {
                exemptedMembers: ["user:you@domain.com"],
                logType: "DATA_READ",
            },
            {
                logType: "DATA_WRITE",
            },
            {
                logType: "ADMIN_READ",
            },
        ],
        service: "cloudkms.googleapis.com",
    }],
    bindings: [
        {
            members: ["serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"],
            role: "roles/compute.instanceAdmin",
        },
        {
            members: ["user:alice@gmail.com"],
            role: "roles/storage.objectViewer",
        },
    ],
});

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a datasource and referencing that policy from another resource is the only way to apply an IAM policy to a resource.

Note: Several restrictions apply when setting IAM policies through this API. See the setIamPolicy docs for a list of these restrictions.

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/iam_policy.html.markdown.

Data Source getOrganization

getOrganization(args?: GetOrganizationArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationResult> & GetOrganizationResult

Use this data source to get information about a Google Cloud Organization.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const org = gcp.organizations.getOrganization({
    domain: "example.com",
});
const sales = new gcp.organizations.Folder("sales", {
    displayName: "Sales",
    parent: org.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/organization.html.markdown.

Data Source getProject

getProject(args?: GetProjectArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectResult> & GetProjectResult

Use this data source to get project details. For more information, see the API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = gcp.organizations.getProject({});

export const projectNumber = project.number;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/project.html.markdown.

Data Source getProjectServices

getProjectServices(args?: GetProjectServicesArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectServicesResult> & GetProjectServicesResult

Use this data source to get details on the enabled project services.

For a list of services available, visit the API library page or run gcloud services list.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = gcp.organizations.getProjectServices({
    project: "your-project-id",
});

export const projectServices = project.services.join(",");

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/project_services.html.markdown.

Others

interface FolderArgs

interface FolderArgs

The set of arguments for constructing a Folder resource.

property displayName

displayName: pulumi.Input<string>;

The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

property parent

parent: pulumi.Input<string>;

The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.

interface FolderState

interface FolderState

Input properties used for looking up and filtering Folder resources.

property createTime

createTime?: pulumi.Input<string>;

Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

property displayName

displayName?: pulumi.Input<string>;

The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

property lifecycleState

lifecycleState?: pulumi.Input<string>;

The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.

property name

name?: pulumi.Input<string>;

The resource name of the Folder. Its format is folders/{folder_id}.

property parent

parent?: pulumi.Input<string>;

The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.

interface GetActiveFolderArgs

interface GetActiveFolderArgs

A collection of arguments for invoking getActiveFolder.

property displayName

displayName: string;

The folder’s display name.

property parent

parent: string;

The resource name of the parent Folder or Organization.

interface GetActiveFolderResult

interface GetActiveFolderResult

A collection of values returned by getActiveFolder.

property displayName

displayName: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

The resource name of the Folder. This uniquely identifies the folder.

property parent

parent: string;

interface GetBillingAccountArgs

interface GetBillingAccountArgs

A collection of arguments for invoking getBillingAccount.

property billingAccount

billingAccount?: undefined | string;

The name of the billing account in the form {billing_account_id} or billingAccounts/{billing_account_id}.

property displayName

displayName?: undefined | string;

The display name of the billing account.

property open

open?: undefined | false | true;

true if the billing account is open, false if the billing account is closed.

interface GetBillingAccountResult

interface GetBillingAccountResult

A collection of values returned by getBillingAccount.

property billingAccount

billingAccount?: undefined | string;

property displayName

displayName: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

The resource name of the billing account in the form billingAccounts/{billing_account_id}.

property open

open: boolean;

property projectIds

projectIds: string[];

The IDs of any projects associated with the billing account.

interface GetClientConfigResult

interface GetClientConfigResult

A collection of values returned by getClientConfig.

property accessToken

accessToken: string;

The OAuth2 access token used by the client to authenticate against the Google Cloud API.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project: string;

The ID of the project to apply any resources to.

property region

region: string;

The region to operate under.

property zone

zone: string;

The zone to operate under.

interface GetClientOpenIdUserInfoResult

interface GetClientOpenIdUserInfoResult

A collection of values returned by getClientOpenIdUserInfo.

property email

email: string;

The email of the account used by the provider to authenticate with GCP.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

interface GetFolderArgs

interface GetFolderArgs

A collection of arguments for invoking getFolder.

property folder

folder: string;

The name of the Folder in the form {folder_id} or folders/{folder_id}.

property lookupOrganization

lookupOrganization?: undefined | false | true;

true to find the organization that the folder belongs to, false to skip the lookup. The lookup searches up the resource tree. Defaults to false.

interface GetFolderResult

interface GetFolderResult

A collection of values returned by getFolder.

property createTime

createTime: string;

Timestamp when the Organization was created. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

property displayName

displayName: string;

The folder’s display name.

property folder

folder: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property lifecycleState

lifecycleState: string;

The Folder’s current lifecycle state.

property lookupOrganization

lookupOrganization?: undefined | false | true;

property name

name: string;

The resource name of the Folder in the form folders/{folder_id}.

property organization

organization: string;

If lookupOrganization is enabled, the resource name of the Organization that the folder belongs to.

property parent

parent: string;

The resource name of the parent Folder or Organization.

interface GetIAMPolicyArgs

interface GetIAMPolicyArgs

A collection of arguments for invoking getIAMPolicy.

property auditConfigs

auditConfigs?: inputs.organizations.GetIAMPolicyAuditConfig[];

A nested configuration block that defines additional logging configuration for your project.

property bindings

bindings: inputs.organizations.GetIAMPolicyBinding[];

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

interface GetIAMPolicyResult

interface GetIAMPolicyResult

A collection of values returned by getIAMPolicy.

property auditConfigs

auditConfigs?: outputs.organizations.GetIAMPolicyAuditConfig[];

property bindings

bindings: outputs.organizations.GetIAMPolicyBinding[];

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property policyData

policyData: string;

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

interface GetOrganizationArgs

interface GetOrganizationArgs

A collection of arguments for invoking getOrganization.

property domain

domain?: undefined | string;

The domain name of the Organization.

property organization

organization?: undefined | string;

The name of the Organization in the form {organization_id} or organizations/{organization_id}.

interface GetOrganizationResult

interface GetOrganizationResult

A collection of values returned by getOrganization.

property createTime

createTime: string;

Timestamp when the Organization was created. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

property directoryCustomerId

directoryCustomerId: string;

The Google for Work customer ID of the Organization.

property domain

domain: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property lifecycleState

lifecycleState: string;

The Organization’s current lifecycle state.

property name

name: string;

The resource name of the Organization in the form organizations/{organization_id}.

property organization

organization?: undefined | string;

interface GetProjectArgs

interface GetProjectArgs

A collection of arguments for invoking getProject.

property projectId

projectId?: undefined | string;

The project ID. If it is not provided, the provider project is used.

interface GetProjectResult

interface GetProjectResult

A collection of values returned by getProject.

property appEngines

appEngines: outputs.organizations.GetProjectAppEngine[];

property autoCreateNetwork

autoCreateNetwork: boolean;

property billingAccount

billingAccount: string;

property folderId

folderId: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property labels

labels: {[key: string]: string};

property name

name: string;

property number

number: string;

property orgId

orgId: string;

property policyData

policyData: string;

property policyEtag

policyEtag: string;

property projectId

projectId?: undefined | string;

property skipDelete

skipDelete: boolean;

interface GetProjectServicesArgs

interface GetProjectServicesArgs

A collection of arguments for invoking getProjectServices.

property project

project?: undefined | string;

The project ID.

interface GetProjectServicesResult

interface GetProjectServicesResult

A collection of values returned by getProjectServices.

property disableOnDestroy

disableOnDestroy: boolean;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project?: undefined | string;

property services

services: string[];

interface IAMBindingArgs

interface IAMBindingArgs

The set of arguments for constructing an IAMBinding resource.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

orgId: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.organizations.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMBindingState

interface IAMBindingState

Input properties used for looking up and filtering IAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization’s IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.organizations.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMCustomRoleArgs

interface IAMCustomRoleArgs

The set of arguments for constructing an IAMCustomRole resource.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property orgId

orgId: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property permissions

permissions: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property roleId

roleId: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title: pulumi.Input<string>;

A human-readable title for the role.

interface IAMCustomRoleState

interface IAMCustomRoleState

Input properties used for looking up and filtering IAMCustomRole resources.

property deleted

deleted?: pulumi.Input<boolean>;

(Optional) The current deleted state of the role.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property permissions

permissions?: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property roleId

roleId?: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title?: pulumi.Input<string>;

A human-readable title for the role.

interface IAMMemberArgs

interface IAMMemberArgs

The set of arguments for constructing an IAMMember resource.

property member

member: pulumi.Input<string>;

The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

orgId: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMMemberState

interface IAMMemberState

Input properties used for looking up and filtering IAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization’s IAM policy.

property member

member?: pulumi.Input<string>;

The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMPolicyArgs

interface IAMPolicyArgs

The set of arguments for constructing an IAMPolicy resource.

property orgId

orgId: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property policyData

policyData: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.

interface IAMPolicyState

interface IAMPolicyState

Input properties used for looking up and filtering IAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization in which you want to create a custom role.

property policyData

policyData?: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.

interface PolicyArgs

interface PolicyArgs

The set of arguments for constructing a Policy resource.

property booleanPolicy

booleanPolicy?: pulumi.Input<inputs.organizations.PolicyBooleanPolicy>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property listPolicy

listPolicy?: pulumi.Input<inputs.organizations.PolicyListPolicy>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property orgId

orgId: pulumi.Input<string>;

The numeric ID of the organization to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<inputs.organizations.PolicyRestorePolicy>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface PolicyState

interface PolicyState

Input properties used for looking up and filtering Policy resources.

property booleanPolicy

booleanPolicy?: pulumi.Input<inputs.organizations.PolicyBooleanPolicy>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint?: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property listPolicy

listPolicy?: pulumi.Input<inputs.organizations.PolicyListPolicy>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<inputs.organizations.PolicyRestorePolicy>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

updateTime?: pulumi.Input<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface ProjectArgs

interface ProjectArgs

The set of arguments for constructing a Project resource.

property autoCreateNetwork

autoCreateNetwork?: pulumi.Input<boolean>;

Create the ‘default’ network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set autoCreateNetwork to false, since the network will exist momentarily.

property billingAccount

billingAccount?: pulumi.Input<string>;

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with this provider must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.

property folderId

folderId?: pulumi.Input<string>;

The numeric ID of the folder this project should be created under. Only one of orgId or folderId may be specified. If the folderId is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the project.

property name

name?: pulumi.Input<string>;

The display name of the project.

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of orgId or folderId may be specified. If the orgId is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

property projectId

projectId: pulumi.Input<string>;

The project ID. Changing this forces a new project to be created.

property skipDelete

skipDelete?: pulumi.Input<boolean>;

If true, the resource can be deleted without deleting the Project via the Google API.

interface ProjectState

interface ProjectState

Input properties used for looking up and filtering Project resources.

property autoCreateNetwork

autoCreateNetwork?: pulumi.Input<boolean>;

Create the ‘default’ network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set autoCreateNetwork to false, since the network will exist momentarily.

property billingAccount

billingAccount?: pulumi.Input<string>;

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with this provider must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.

property folderId

folderId?: pulumi.Input<string>;

The numeric ID of the folder this project should be created under. Only one of orgId or folderId may be specified. If the folderId is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the project.

property name

name?: pulumi.Input<string>;

The display name of the project.

property number

number?: pulumi.Input<string>;

The numeric identifier of the project.

property orgId

orgId?: pulumi.Input<string>;

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of orgId or folderId may be specified. If the orgId is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

property projectId

projectId?: pulumi.Input<string>;

The project ID. Changing this forces a new project to be created.

property skipDelete

skipDelete?: pulumi.Input<boolean>;

If true, the resource can be deleted without deleting the Project via the Google API.