Module projects

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class IAMAuditConfig

extends CustomResource

constructor

new IAMAuditConfig(name: string, args: IAMAuditConfigArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMAuditConfig resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMAuditConfigState, opts?: pulumi.CustomResourceOptions): IAMAuditConfig

Get an existing IAMAuditConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMAuditConfig. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property auditLogConfigs

public auditLogConfigs: pulumi.Output<{
    exemptedMembers: string[];
    logType: string;
}[]>;

property etag

public etag: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string>;

property service

public service: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMBinding

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • gcp.projects.IAMPolicy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • gcp.projects.IAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • gcp.projects.IAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: gcp.projects.IAMPolicy cannot be used in conjunction with gcp.projects.IAMBinding and gcp.projects.IAMMember or they will fight over what your policy should be.

Note: gcp.projects.IAMBinding resources can be used in conjunction with gcp.projects.IAMMember resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a gcp.projects.IAMPolicy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use gcp.projects.IAMPolicy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by this provider.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_iam_binding.html.markdown.

constructor

new IAMBinding(name: string, args: IAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMBindingState, opts?: pulumi.CustomResourceOptions): IAMBinding

Get an existing IAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMCustomRole

extends CustomResource

Allows management of a customized Cloud IAM project role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by this provider, and new roles cannot share that name.

Example Usage

This snippet creates a customized IAM role.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myCustomRole = new gcp.projects.IAMCustomRole("my-custom-role", {
    description: "A description",
    permissions: [
        "iam.roles.list",
        "iam.roles.create",
        "iam.roles.delete",
    ],
    roleId: "myCustomRole",
    title: "My Custom Role",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_iam_custom_role.html.markdown.

constructor

new IAMCustomRole(name: string, args: IAMCustomRoleArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMCustomRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMCustomRoleState, opts?: pulumi.CustomResourceOptions): IAMCustomRole

Get an existing IAMCustomRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMCustomRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property deleted

public deleted: pulumi.Output<boolean>;

(Optional) The current deleted state of the role.

property description

public description: pulumi.Output<string | undefined>;

A human-readable description for the role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property permissions

public permissions: pulumi.Output<string[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

public project: pulumi.Output<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

public roleId: pulumi.Output<string>;

The role id to use for this role.

property stage

public stage: pulumi.Output<string | undefined>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

public title: pulumi.Output<string>;

A human-readable title for the role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMMember

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • gcp.projects.IAMPolicy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • gcp.projects.IAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • gcp.projects.IAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: gcp.projects.IAMPolicy cannot be used in conjunction with gcp.projects.IAMBinding and gcp.projects.IAMMember or they will fight over what your policy should be.

Note: gcp.projects.IAMBinding resources can be used in conjunction with gcp.projects.IAMMember resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a gcp.projects.IAMPolicy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use gcp.projects.IAMPolicy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by this provider.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_iam_member.html.markdown.

constructor

new IAMMember(name: string, args: IAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMMemberState, opts?: pulumi.CustomResourceOptions): IAMMember

Get an existing IAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMPolicy

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • gcp.projects.IAMPolicy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • gcp.projects.IAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • gcp.projects.IAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: gcp.projects.IAMPolicy cannot be used in conjunction with gcp.projects.IAMBinding and gcp.projects.IAMMember or they will fight over what your policy should be.

Note: gcp.projects.IAMBinding resources can be used in conjunction with gcp.projects.IAMMember resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a gcp.projects.IAMPolicy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use gcp.projects.IAMPolicy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by this provider.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_iam_policy.html.markdown.
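
The coexistence rules above for gcp.projects.IAMPolicy, gcp.projects.IAMBinding and gcp.projects.IAMMember, together with the roles/owner lockout note, can be checked before a deployment. The following is an added example, not code from this provider or the upstream Terraform provider: it lints plain-object declarations offline, and the declaration shapes, rule names, project IDs and operator service account are assumptions constructed for illustration.

```typescript
// Added example: offline lint over plain-object descriptions of project IAM
// resources. Declaration shapes and rule names are assumptions made for this
// example; they are not types exported by @pulumi/gcp.
type RoleGrant = { role: string; members: string[] };
type PolicyDecl = { kind: "IAMPolicy"; project: string; bindings: RoleGrant[] };
type BindingDecl = { kind: "IAMBinding"; project: string; role: string; members: string[] };
type MemberDecl = { kind: "IAMMember"; project: string; role: string; member: string };
type IamDecl = PolicyDecl | BindingDecl | MemberDecl;
interface Finding { rule: string; project: string; detail: string }

const isPolicy = (d: IamDecl): d is PolicyDecl => d.kind === "IAMPolicy";
const isBinding = (d: IamDecl): d is BindingDecl => d.kind === "IAMBinding";
const isMember = (d: IamDecl): d is MemberDecl => d.kind === "IAMMember";

// True when at least one identity the operators deploy with is in the list.
function hasOperator(members: string[], operators: string[]): boolean {
  return members.some(m => operators.indexOf(m) !== -1);
}

function lintProjectIam(decls: IamDecl[], operators: string[]): Finding[] {
  const findings: Finding[] = [];
  const projects: string[] = [];
  decls.forEach(d => { if (projects.indexOf(d.project) === -1) projects.push(d.project); });

  projects.forEach(project => {
    const own = decls.filter(d => d.project === project);
    const policies = own.filter(isPolicy);
    const bindings = own.filter(isBinding);
    const members = own.filter(isMember);
    const add = (rule: string, detail: string): void => { findings.push({ rule, project, detail }); };

    // IAMPolicy is authoritative for the whole policy: it cannot share a
    // project with IAMBinding or IAMMember resources.
    if (policies.length > 0 && bindings.length + members.length > 0) {
      add("POLICY_MIXED", `IAMPolicy declared next to ${bindings.length} IAMBinding and ${members.length} IAMMember resource(s)`);
    }

    const roles: string[] = [];
    bindings.forEach(b => { if (roles.indexOf(b.role) === -1) roles.push(b.role); });
    roles.forEach(role => {
      // Only one IAMBinding may be used per role.
      if (bindings.filter(b => b.role === role).length > 1) {
        add("DUPLICATE_BINDING", `more than one IAMBinding for ${role}`);
      }
      // IAMBinding and IAMMember may coexist only on different roles.
      if (members.some(m => m.role === role)) {
        add("BINDING_MEMBER_OVERLAP", `IAMBinding and IAMMember both grant ${role}`);
      }
    });

    // An authoritative roles/owner binding that names no operator identity
    // removes the operators' own owner access.
    bindings.forEach(b => {
      if (b.role === "roles/owner" && !hasOperator(b.members, operators)) {
        add("OWNER_LOCKOUT", "roles/owner binding lists no operator identity");
      }
    });

    // IAMPolicy replaces the existing policy, so a policy that names no
    // operator identity leaves them without project-level access.
    policies.forEach(p => {
      const all = p.bindings.reduce<string[]>((acc, g) => acc.concat(g.members), []);
      if (!hasOperator(all, operators)) {
        add("POLICY_OMITS_OPERATOR", "IAMPolicy grants no role to an operator identity");
      }
    });
  });
  return findings;
}

// Constructed sample declarations (not taken from any real project).
const OPERATORS = ["serviceAccount:deployer@example.iam.gserviceaccount.com"];
const SAMPLE_DECLS: IamDecl[] = [
  { kind: "IAMPolicy", project: "app-prod", bindings: [{ role: "roles/editor", members: ["user:jane@example.com"] }] },
  { kind: "IAMMember", project: "app-prod", role: "roles/viewer", member: "user:sam@example.com" },
  { kind: "IAMBinding", project: "app-dev", role: "roles/owner", members: ["user:jane@example.com"] },
  { kind: "IAMBinding", project: "app-dev", role: "roles/editor", members: ["user:jane@example.com"] },
  { kind: "IAMBinding", project: "app-dev", role: "roles/editor", members: ["user:sam@example.com"] },
  { kind: "IAMMember", project: "app-dev", role: "roles/editor", member: "user:lee@example.com" },
  { kind: "IAMBinding", project: "sandbox", role: "roles/viewer", members: ["user:sam@example.com"] },
  { kind: "IAMMember", project: "sandbox", role: "roles/editor", member: "user:jane@example.com" },
];

console.log(lintProjectIam(SAMPLE_DECLS, OPERATORS));
```

The sandbox project produces no findings because its IAMBinding and IAMMember grant different roles and no IAMPolicy is declared for it.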

constructor

new IAMPolicy(name: string, args: IAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create an IAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMPolicyState, opts?: pulumi.CustomResourceOptions): IAMPolicy

Get an existing IAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

public project: pulumi.Output<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class OrganizationPolicy

extends CustomResource

Allows management of Organization policies for a Google Project. For more information see the official documentation and API.

Example Usage

To set policy with a boolean constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const serialPortPolicy = new gcp.projects.OrganizationPolicy("serialPortPolicy", {
    booleanPolicy: {
        enforced: true,
    },
    constraint: "compute.disableSerialPortAccess",
    project: "your-project-id",
});

To set a policy with a list constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
    constraint: "serviceuser.services",
    listPolicy: {
        allow: {
            all: true,
        },
    },
    project: "your-project-id",
});

Or to deny some services, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
    constraint: "serviceuser.services",
    listPolicy: {
        deny: {
            values: ["cloudresourcemanager.googleapis.com"],
        },
        suggestedValue: "compute.googleapis.com",
    },
    project: "your-project-id",
});

To restore the default project organization policy, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
    constraint: "serviceuser.services",
    project: "your-project-id",
    restorePolicy: {
        default: true,
    },
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_organization_policy.html.markdown.

constructor

new OrganizationPolicy(name: string, args: OrganizationPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create an OrganizationPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationPolicyState, opts?: pulumi.CustomResourceOptions): OrganizationPolicy

Get an existing OrganizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of OrganizationPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property booleanPolicy

public booleanPolicy: pulumi.Output<{
    enforced: boolean;
} | undefined>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

public constraint: pulumi.Output<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property listPolicy

public listPolicy: pulumi.Output<{
    allow: undefined | {
        all: undefined | false | true;
        values: string[];
    };
    deny: undefined | {
        all: undefined | false | true;
        values: string[];
    };
    inheritFromParent: undefined | false | true;
    suggestedValue: string;
} | undefined>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

public project: pulumi.Output<string>;

The project id of the project to set the policy for.

property restorePolicy

public restorePolicy: pulumi.Output<{
    default: boolean;
} | undefined>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

public updateTime: pulumi.Output<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property version

public version: pulumi.Output<number>;

Version of the Policy. Default version is 0.

class Service

extends CustomResource

Allows management of a single API service for an existing Google Cloud Platform project.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource must not be used in conjunction with gcp.projects.Services or they will fight over which services should be enabled.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.Service("project", {
    disableDependentServices: true,
    project: "your-project-id",
    service: "iam.googleapis.com",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_service.html.markdown.

constructor

new Service(name: string, args: ServiceArgs, opts?: pulumi.CustomResourceOptions)

Create a Service resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceState, opts?: pulumi.CustomResourceOptions): Service

Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Service. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property disableDependentServices

public disableDependentServices: pulumi.Output<boolean | undefined>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

public disableOnDestroy: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string>;

The project ID. If not provided, the provider project is used.

property service

public service: pulumi.Output<string>;

The service to enable.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Services

extends CustomResource

Allows management of enabled API services for an existing Google Cloud Platform project. Services in an existing project that are not defined in the config will be removed.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource attempts to be the authoritative source on all enabled APIs, which often leads to conflicts when certain actions enable other APIs. If you do not need to ensure that exclusively a particular set of APIs are enabled, you should most likely use the gcp.projects.Service resource, one resource per API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.Services("project", {
    project: "your-project-id",
    services: [
        "iam.googleapis.com",
        "cloudresourcemanager.googleapis.com",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_services.html.markdown.

constructor

new Services(name: string, args: ServicesArgs, opts?: pulumi.CustomResourceOptions)

Create a Services resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicesState, opts?: pulumi.CustomResourceOptions): Services

Get an existing Services resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Services. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property disableOnDestroy

public disableOnDestroy: pulumi.Output<boolean | undefined>;

Whether or not to disable APIs on project when destroyed. Defaults to true. Note: When disableOnDestroy is true and the project is changed, this provider will force disable API services managed by this provider for the previous project.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string>;

The project ID. Changing this forces this provider to attempt to disable all previously managed API services in the previous project.

property services

public services: pulumi.Output<string[]>;

The list of services that are enabled. Supports update.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class UsageExportBucket

extends CustomResource

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.

The service account used to run this provider when creating a gcp.organizations.Project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.

Note that prior to 0.8.5, gcp.organizations.Project functioned like a data source, meaning any project referenced by it had to be created and managed outside this provider. As of 0.8.5, gcp.organizations.Project functions like any other resource, with this provider creating and managing the project. To replicate the old behavior, either:

  • Use the project ID directly in whatever is referencing the project, using the gcp.projects.IAMPolicy to replace the old policyData property.
  • Use the import functionality to import your pre-existing project into this provider, where it can be referenced and used just like always, keeping in mind that this provider will attempt to undo any changes made outside this provider.

It’s important to note that any project resources that were added to your config prior to 0.8.5 will continue to function as they always have, and will not be managed by this provider. Only newly added projects are affected.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myProject = new gcp.organizations.Project("myProject", {
    orgId: "1234567",
    projectId: "your-project-id",
});

To create a project under a specific folder:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const myProjectInAFolder = new gcp.organizations.Project("my_project-in-a-folder", {
    folderId: department1.name,
    projectId: "your-project-id",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/project_usage_export_bucket.html.markdown.

constructor

new UsageExportBucket(name: string, args: UsageExportBucketArgs, opts?: pulumi.CustomResourceOptions)

Create a UsageExportBucket resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UsageExportBucketState, opts?: pulumi.CustomResourceOptions): UsageExportBucket

Get an existing UsageExportBucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of UsageExportBucket. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucketName

public bucketName: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property prefix

public prefix: pulumi.Output<string | undefined>;

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getOrganizationPolicy

getOrganizationPolicy(args: GetOrganizationPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationPolicyResult> & GetOrganizationPolicyResult

Allows management of Organization policies for a Google Project. For more information, see the official documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const policy = pulumi.output(gcp.projects.getOrganizationPolicy({
    constraint: "constraints/serviceuser.services",
    project: "project-id",
}));

export const version = policy.version;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/project_organization_policy.html.markdown.

function getProject

getProject(args: GetProjectArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectResult> & GetProjectResult

Retrieve information about a set of projects based on a filter. See the REST API for more details.

Example Usage - searching for projects about to be deleted in an org

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myOrgProjects = pulumi.output(gcp.projects.getProject({
    filter: "parent.id:012345678910 lifecycleState:DELETE_REQUESTED",
}));
// Look up the first project returned by the filter above.
const deletionCandidate = myOrgProjects.apply(myOrgProjects => gcp.organizations.getProject({
    projectId: myOrgProjects.projects[0].projectId,
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/projects.html.markdown.

interface GetOrganizationPolicyArgs

A collection of arguments for invoking getOrganizationPolicy.

property constraint

constraint: string;

(Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property project

project: string;

The project ID.

interface GetOrganizationPolicyResult

A collection of values returned by getOrganizationPolicy.

property booleanPolicies

booleanPolicies: {
    enforced: boolean;
}[];

property constraint

constraint: string;

property etag

etag: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property listPolicies

listPolicies: {
    allows: {
        all: boolean;
        values: string[];
    }[];
    denies: {
        all: boolean;
        values: string[];
    }[];
    inheritFromParent: boolean;
    suggestedValue: string;
}[];

property project

project: string;

property restorePolicies

restorePolicies: {
    default: boolean;
}[];

property updateTime

updateTime: string;

property version

version: number;

interface GetProjectArgs

A collection of arguments for invoking getProject.

property filter

filter: string;

A string filter as defined in the REST API.

interface GetProjectResult

A collection of values returned by getProject.

property filter

filter: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property projects

projects: {
    projectId: string;
}[];

A list of projects matching the provided filter. Structure is defined below.

interface IAMAuditConfigArgs

The set of arguments for constructing an IAMAuditConfig resource.

property auditLogConfigs

auditLogConfigs: pulumi.Input<pulumi.Input<{
    exemptedMembers: pulumi.Input<pulumi.Input<string>[]>;
    logType: pulumi.Input<string>;
}>[]>;

property project

project?: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

interface IAMAuditConfigState

Input properties used for looking up and filtering IAMAuditConfig resources.

property auditLogConfigs

auditLogConfigs?: pulumi.Input<pulumi.Input<{
    exemptedMembers: pulumi.Input<pulumi.Input<string>[]>;
    logType: pulumi.Input<string>;
}>[]>;

property etag

etag?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

interface IAMBindingArgs

The set of arguments for constructing an IAMBinding resource.

property members

property project

project?: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
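The constraints stated above (one IAMBinding per role, the custom role format, provider-project defaulting for IAMBinding and IAMMember, and the explicit project required by IAMPolicy) can be checked before deployment. The following is an added example, not part of the provider or of this documentation; `PlannedIam`, `lintProjectIam` and the sample plan are hypothetical names and constructed data.

```typescript
// Added example: pre-deployment lint over a plain description of planned
// project IAM resources. Types, function names and sample data are hypothetical.
type Kind = "IAMBinding" | "IAMMember" | "IAMPolicy";

interface PlannedIam {
    name: string;      // Pulumi resource name
    kind: Kind;
    project?: string;  // optional for IAMBinding / IAMMember
    role?: string;     // IAMPolicy carries its roles inside policyData instead
}

interface Finding {
    resource: string;
    rule: "role-format" | "duplicate-binding" | "policy-project-required";
    detail: string;
}

// Predefined roles look like roles/editor; custom roles must follow
// [projects|organizations]/{parent-name}/roles/{role-name}.
const PREDEFINED_ROLE = /^roles\/[^/]+$/;
const CUSTOM_ROLE = /^(projects|organizations)\/[^/]+\/roles\/[^/]+$/;

function lintProjectIam(planned: PlannedIam[], providerProject: string): Finding[] {
    const findings: Finding[] = [];
    const bindingOwner = new Map<string, string>(); // "project\0role" -> first resource name

    for (const r of planned) {
        if (r.kind === "IAMPolicy") {
            // IAMPolicy never infers the project from the provider configuration.
            if (!r.project) {
                findings.push({ resource: r.name, rule: "policy-project-required",
                    detail: "IAMPolicy needs an explicit project" });
            }
            continue;
        }
        const role = r.role || "";
        if (!PREDEFINED_ROLE.test(role) && !CUSTOM_ROLE.test(role)) {
            findings.push({ resource: r.name, rule: "role-format",
                detail: `role "${role}" is neither roles/{name} nor a fully qualified custom role` });
            continue;
        }
        if (r.kind === "IAMBinding") {
            // An omitted project resolves to the provider project, so an explicit
            // and an implicit binding can collide on the same role.
            const key = `${r.project || providerProject}\u0000${role}`;
            const first = bindingOwner.get(key);
            if (first !== undefined) {
                findings.push({ resource: r.name, rule: "duplicate-binding",
                    detail: `role ${role} is already bound by "${first}"` });
            } else {
                bindingOwner.set(key, r.name);
            }
        }
    }
    return findings;
}

// Constructed sample plan; the provider project is "your-project-id".
const samplePlan: PlannedIam[] = [
    { name: "editors", kind: "IAMBinding", role: "roles/editor" },
    { name: "editors-again", kind: "IAMBinding", project: "your-project-id", role: "roles/editor" },
    { name: "auditor", kind: "IAMMember", role: "projects/your-project-id/roles/myCustomRole" },
    { name: "bad-custom", kind: "IAMBinding", role: "your-project-id/roles/myCustomRole" },
    { name: "whole-policy", kind: "IAMPolicy" },
];
const sampleFindings = lintProjectIam(samplePlan, "your-project-id");
```

Two IAMBinding resources for the same role each treat their own member list as the complete one, so a duplicate is worth failing a build on rather than discovering as unexplained access changes between deployments.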

interface IAMBindingState

Input properties used for looking up and filtering IAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property members

property project

project?: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMCustomRoleArgs

The set of arguments for constructing an IAMCustomRole resource.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property permissions

permissions: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

project?: pulumi.Input<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

roleId: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title: pulumi.Input<string>;

A human-readable title for the role.

interface IAMCustomRoleState

Input properties used for looking up and filtering IAMCustomRole resources.

property deleted

deleted?: pulumi.Input<boolean>;

(Optional) The current deleted state of the role.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property permissions

permissions?: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

project?: pulumi.Input<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

roleId?: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title?: pulumi.Input<string>;

A human-readable title for the role.

interface IAMMemberArgs

The set of arguments for constructing an IAMMember resource.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMMemberState

Input properties used for looking up and filtering IAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.projects.IAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMPolicyArgs

The set of arguments for constructing an IAMPolicy resource.

property policyData

policyData: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

project: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

interface IAMPolicyState

Input properties used for looking up and filtering IAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The gcp.organizations.getIAMPolicy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

project?: pulumi.Input<string>;

The project ID. If not specified for gcp.projects.IAMBinding or gcp.projects.IAMMember, uses the ID of the project configured with the provider. Required for gcp.projects.IAMPolicy - you must explicitly set the project, and it will not be inferred from the provider.

interface OrganizationPolicyArgs

The set of arguments for constructing an OrganizationPolicy resource.

property booleanPolicy

booleanPolicy?: pulumi.Input<{
    enforced: pulumi.Input<boolean>;
}>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property listPolicy

listPolicy?: pulumi.Input<{
    allow: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    deny: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    inheritFromParent: pulumi.Input<boolean>;
    suggestedValue: pulumi.Input<string>;
}>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

project: pulumi.Input<string>;

The project id of the project to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<{
    default: pulumi.Input<boolean>;
}>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface OrganizationPolicyState

Input properties used for looking up and filtering OrganizationPolicy resources.

property booleanPolicy

booleanPolicy?: pulumi.Input<{
    enforced: pulumi.Input<boolean>;
}>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint?: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property listPolicy

listPolicy?: pulumi.Input<{
    allow: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    deny: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    inheritFromParent: pulumi.Input<boolean>;
    suggestedValue: pulumi.Input<string>;
}>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

project?: pulumi.Input<string>;

The project id of the project to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<{
    default: pulumi.Input<boolean>;
}>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

updateTime?: pulumi.Input<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface ServiceArgs

The set of arguments for constructing a Service resource.

property disableDependentServices

disableDependentServices?: pulumi.Input<boolean>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

property project

project?: pulumi.Input<string>;

The project ID. If not provided, the provider project is used.

property service

service: pulumi.Input<string>;

The service to enable.

interface ServiceState

Input properties used for looking up and filtering Service resources.

property disableDependentServices

disableDependentServices?: pulumi.Input<boolean>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

property project

project?: pulumi.Input<string>;

The project ID. If not provided, the provider project is used.

property service

service?: pulumi.Input<string>;

The service to enable.

interface ServicesArgs

The set of arguments for constructing a Services resource.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

Whether or not to disable APIs on project when destroyed. Defaults to true. Note: When disableOnDestroy is true and the project is changed, this provider will force disable API services managed by this provider for the previous project.

property project

project?: pulumi.Input<string>;

The project ID. Changing this forces this provider to attempt to disable all previously managed API services in the previous project.

property services

services: pulumi.Input<pulumi.Input<string>[]>;

The list of services that are enabled. Supports update.

interface ServicesState

Input properties used for looking up and filtering Services resources.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

Whether or not to disable APIs on project when destroyed. Defaults to true. Note: When disableOnDestroy is true and the project is changed, this provider will force disable API services managed by this provider for the previous project.

property project

project?: pulumi.Input<string>;

The project ID. Changing this forces this provider to attempt to disable all previously managed API services in the previous project.

property services

services?: pulumi.Input<pulumi.Input<string>[]>;

The list of services that are enabled. Supports update.

interface UsageExportBucketArgs

The set of arguments for constructing a UsageExportBucket resource.

property bucketName

bucketName: pulumi.Input<string>;

property prefix

prefix?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

interface UsageExportBucketState

Input properties used for looking up and filtering UsageExportBucket resources.

property bucketName

bucketName?: pulumi.Input<string>;

property prefix

prefix?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;