Docs Home
Google Cloud v8.29.0 published on Thursday, May 1, 2025 by Pulumi
gcp.accesscontextmanager.GcpUserAccessBinding
Explore with Pulumi AI
Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
To get more information about GcpUserAccessBinding, see:
Example Usage
Access Context Manager Gcp User Access Binding Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const group = new gcp.cloudidentity.Group("group", {
displayName: "my-identity-group",
parent: "customers/A01b123xz",
groupKey: {
id: "my-identity-group@example.com",
},
labels: {
"cloudidentity.googleapis.com/groups.discussion_forum": "",
},
});
const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
parent: "organizations/123456789",
title: "my policy",
});
const accessLevelIdForUserAccessBinding = new gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding", {
parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
title: "chromeos_no_lock",
basic: {
conditions: [{
devicePolicy: {
requireScreenLock: true,
osConstraints: [{
osType: "DESKTOP_CHROME_OS",
}],
},
regions: ["US"],
}],
},
});
const gcpUserAccessBinding = new gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding", {
organizationId: "123456789",
groupKey: std.trimprefixOutput({
input: group.id,
prefix: "groups/",
}).apply(invoke => invoke.result),
accessLevels: accessLevelIdForUserAccessBinding.name,
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
group = gcp.cloudidentity.Group("group",
display_name="my-identity-group",
parent="customers/A01b123xz",
group_key={
"id": "my-identity-group@example.com",
},
labels={
"cloudidentity.googleapis.com/groups.discussion_forum": "",
})
access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
parent="organizations/123456789",
title="my policy")
access_level_id_for_user_access_binding = gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding",
parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
title="chromeos_no_lock",
basic={
"conditions": [{
"device_policy": {
"require_screen_lock": True,
"os_constraints": [{
"os_type": "DESKTOP_CHROME_OS",
}],
},
"regions": ["US"],
}],
})
gcp_user_access_binding = gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding",
organization_id="123456789",
group_key=std.trimprefix_output(input=group.id,
prefix="groups/").apply(lambda invoke: invoke.result),
access_levels=access_level_id_for_user_access_binding.name)
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudidentity"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
group, err := cloudidentity.NewGroup(ctx, "group", &cloudidentity.GroupArgs{
DisplayName: pulumi.String("my-identity-group"),
Parent: pulumi.String("customers/A01b123xz"),
GroupKey: &cloudidentity.GroupGroupKeyArgs{
Id: pulumi.String("my-identity-group@example.com"),
},
Labels: pulumi.StringMap{
"cloudidentity.googleapis.com/groups.discussion_forum": pulumi.String(""),
},
})
if err != nil {
return err
}
access_policy, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
Parent: pulumi.String("organizations/123456789"),
Title: pulumi.String("my policy"),
})
if err != nil {
return err
}
accessLevelIdForUserAccessBinding, err := accesscontextmanager.NewAccessLevel(ctx, "access_level_id_for_user_access_binding", &accesscontextmanager.AccessLevelArgs{
Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("accessPolicies/%v", name), nil
}).(pulumi.StringOutput),
Name: access_policy.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
}).(pulumi.StringOutput),
Title: pulumi.String("chromeos_no_lock"),
Basic: &accesscontextmanager.AccessLevelBasicArgs{
Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
&accesscontextmanager.AccessLevelBasicConditionArgs{
DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
RequireScreenLock: pulumi.Bool(true),
OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
OsType: pulumi.String("DESKTOP_CHROME_OS"),
},
},
},
Regions: pulumi.StringArray{
pulumi.String("US"),
},
},
},
},
})
if err != nil {
return err
}
_, err = accesscontextmanager.NewGcpUserAccessBinding(ctx, "gcp_user_access_binding", &accesscontextmanager.GcpUserAccessBindingArgs{
OrganizationId: pulumi.String("123456789"),
GroupKey: pulumi.String(std.TrimprefixOutput(ctx, std.TrimprefixOutputArgs{
Input: group.ID(),
Prefix: pulumi.String("groups/"),
}, nil).ApplyT(func(invoke std.TrimprefixResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput)),
AccessLevels: accessLevelIdForUserAccessBinding.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @group = new Gcp.CloudIdentity.Group("group", new()
{
DisplayName = "my-identity-group",
Parent = "customers/A01b123xz",
GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs
{
Id = "my-identity-group@example.com",
},
Labels =
{
{ "cloudidentity.googleapis.com/groups.discussion_forum", "" },
},
});
var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
{
Parent = "organizations/123456789",
Title = "my policy",
});
var accessLevelIdForUserAccessBinding = new Gcp.AccessContextManager.AccessLevel("access_level_id_for_user_access_binding", new()
{
Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
Title = "chromeos_no_lock",
Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
{
Conditions = new[]
{
new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
{
DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
{
RequireScreenLock = true,
OsConstraints = new[]
{
new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
{
OsType = "DESKTOP_CHROME_OS",
},
},
},
Regions = new[]
{
"US",
},
},
},
},
});
var gcpUserAccessBinding = new Gcp.AccessContextManager.GcpUserAccessBinding("gcp_user_access_binding", new()
{
OrganizationId = "123456789",
GroupKey = Std.Trimprefix.Invoke(new()
{
Input = @group.Id,
Prefix = "groups/",
}).Apply(invoke => invoke.Result),
AccessLevels = accessLevelIdForUserAccessBinding.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.cloudidentity.Group;
import com.pulumi.gcp.cloudidentity.GroupArgs;
import com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import com.pulumi.gcp.accesscontextmanager.AccessLevel;
import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding;
import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBindingArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.TrimprefixArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var group = new Group("group", GroupArgs.builder()
.displayName("my-identity-group")
.parent("customers/A01b123xz")
.groupKey(GroupGroupKeyArgs.builder()
.id("my-identity-group@example.com")
.build())
.labels(Map.of("cloudidentity.googleapis.com/groups.discussion_forum", ""))
.build());
var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
.parent("organizations/123456789")
.title("my policy")
.build());
var accessLevelIdForUserAccessBinding = new AccessLevel("accessLevelIdForUserAccessBinding", AccessLevelArgs.builder()
.parent(access_policy.name().applyValue(_name -> String.format("accessPolicies/%s", _name)))
.name(access_policy.name().applyValue(_name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", _name)))
.title("chromeos_no_lock")
.basic(AccessLevelBasicArgs.builder()
.conditions(AccessLevelBasicConditionArgs.builder()
.devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
.requireScreenLock(true)
.osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
.osType("DESKTOP_CHROME_OS")
.build())
.build())
.regions("US")
.build())
.build())
.build());
var gcpUserAccessBinding = new GcpUserAccessBinding("gcpUserAccessBinding", GcpUserAccessBindingArgs.builder()
.organizationId("123456789")
.groupKey(StdFunctions.trimprefix(TrimprefixArgs.builder()
.input(group.id())
.prefix("groups/")
.build()).applyValue(_invoke -> _invoke.result()))
.accessLevels(accessLevelIdForUserAccessBinding.name())
.build());
}
}
resources:
group:
type: gcp:cloudidentity:Group
properties:
displayName: my-identity-group
parent: customers/A01b123xz
groupKey:
id: my-identity-group@example.com
labels:
cloudidentity.googleapis.com/groups.discussion_forum: ""
accessLevelIdForUserAccessBinding:
type: gcp:accesscontextmanager:AccessLevel
name: access_level_id_for_user_access_binding
properties:
parent: accessPolicies/${["access-policy"].name}
name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
title: chromeos_no_lock
basic:
conditions:
- devicePolicy:
requireScreenLock: true
osConstraints:
- osType: DESKTOP_CHROME_OS
regions:
- US
access-policy:
type: gcp:accesscontextmanager:AccessPolicy
properties:
parent: organizations/123456789
title: my policy
gcpUserAccessBinding:
type: gcp:accesscontextmanager:GcpUserAccessBinding
name: gcp_user_access_binding
properties:
organizationId: '123456789'
groupKey:
fn::invoke:
function: std:trimprefix
arguments:
input: ${group.id}
prefix: groups/
return: result
accessLevels: ${accessLevelIdForUserAccessBinding.name}
Create GcpUserAccessBinding Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GcpUserAccessBinding(name: string, args: GcpUserAccessBindingArgs, opts?: CustomResourceOptions);@overload
def GcpUserAccessBinding(resource_name: str,
args: GcpUserAccessBindingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GcpUserAccessBinding(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_key: Optional[str] = None,
organization_id: Optional[str] = None,
access_levels: Optional[str] = None,
scoped_access_settings: Optional[Sequence[GcpUserAccessBindingScopedAccessSettingArgs]] = None,
session_settings: Optional[GcpUserAccessBindingSessionSettingsArgs] = None)func NewGcpUserAccessBinding(ctx *Context, name string, args GcpUserAccessBindingArgs, opts ...ResourceOption) (*GcpUserAccessBinding, error)public GcpUserAccessBinding(string name, GcpUserAccessBindingArgs args, CustomResourceOptions? opts = null)
public GcpUserAccessBinding(String name, GcpUserAccessBindingArgs args)
public GcpUserAccessBinding(String name, GcpUserAccessBindingArgs args, CustomResourceOptions options)
type: gcp:accesscontextmanager:GcpUserAccessBinding
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gcpUserAccessBindingResource = new Gcp.AccessContextManager.GcpUserAccessBinding("gcpUserAccessBindingResource", new()
{
GroupKey = "string",
OrganizationId = "string",
AccessLevels = "string",
ScopedAccessSettings = new[]
{
new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingArgs
{
ActiveSettings = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingActiveSettingsArgs
{
AccessLevels = new[]
{
"string",
},
SessionSettings = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettingsArgs
{
MaxInactivity = "string",
SessionLength = "string",
SessionLengthEnabled = false,
SessionReauthMethod = "string",
UseOidcMaxAge = false,
},
},
DryRunSettings = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingDryRunSettingsArgs
{
AccessLevels = "string",
},
Scope = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingScopeArgs
{
ClientScope = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingScopeClientScopeArgs
{
RestrictedClientApplication = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplicationArgs
{
ClientId = "string",
},
},
},
},
},
SessionSettings = new Gcp.AccessContextManager.Inputs.GcpUserAccessBindingSessionSettingsArgs
{
MaxInactivity = "string",
SessionLength = "string",
SessionLengthEnabled = false,
SessionReauthMethod = "string",
UseOidcMaxAge = false,
},
});
example, err := accesscontextmanager.NewGcpUserAccessBinding(ctx, "gcpUserAccessBindingResource", &accesscontextmanager.GcpUserAccessBindingArgs{
GroupKey: pulumi.String("string"),
OrganizationId: pulumi.String("string"),
AccessLevels: pulumi.String("string"),
ScopedAccessSettings: accesscontextmanager.GcpUserAccessBindingScopedAccessSettingArray{
&accesscontextmanager.GcpUserAccessBindingScopedAccessSettingArgs{
ActiveSettings: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingActiveSettingsArgs{
AccessLevels: pulumi.StringArray{
pulumi.String("string"),
},
SessionSettings: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettingsArgs{
MaxInactivity: pulumi.String("string"),
SessionLength: pulumi.String("string"),
SessionLengthEnabled: pulumi.Bool(false),
SessionReauthMethod: pulumi.String("string"),
UseOidcMaxAge: pulumi.Bool(false),
},
},
DryRunSettings: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingDryRunSettingsArgs{
AccessLevels: pulumi.String("string"),
},
Scope: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingScopeArgs{
ClientScope: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingScopeClientScopeArgs{
RestrictedClientApplication: &accesscontextmanager.GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplicationArgs{
ClientId: pulumi.String("string"),
},
},
},
},
},
SessionSettings: &accesscontextmanager.GcpUserAccessBindingSessionSettingsArgs{
MaxInactivity: pulumi.String("string"),
SessionLength: pulumi.String("string"),
SessionLengthEnabled: pulumi.Bool(false),
SessionReauthMethod: pulumi.String("string"),
UseOidcMaxAge: pulumi.Bool(false),
},
})
var gcpUserAccessBindingResource = new GcpUserAccessBinding("gcpUserAccessBindingResource", GcpUserAccessBindingArgs.builder()
.groupKey("string")
.organizationId("string")
.accessLevels("string")
.scopedAccessSettings(GcpUserAccessBindingScopedAccessSettingArgs.builder()
.activeSettings(GcpUserAccessBindingScopedAccessSettingActiveSettingsArgs.builder()
.accessLevels("string")
.sessionSettings(GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettingsArgs.builder()
.maxInactivity("string")
.sessionLength("string")
.sessionLengthEnabled(false)
.sessionReauthMethod("string")
.useOidcMaxAge(false)
.build())
.build())
.dryRunSettings(GcpUserAccessBindingScopedAccessSettingDryRunSettingsArgs.builder()
.accessLevels("string")
.build())
.scope(GcpUserAccessBindingScopedAccessSettingScopeArgs.builder()
.clientScope(GcpUserAccessBindingScopedAccessSettingScopeClientScopeArgs.builder()
.restrictedClientApplication(GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplicationArgs.builder()
.clientId("string")
.build())
.build())
.build())
.build())
.sessionSettings(GcpUserAccessBindingSessionSettingsArgs.builder()
.maxInactivity("string")
.sessionLength("string")
.sessionLengthEnabled(false)
.sessionReauthMethod("string")
.useOidcMaxAge(false)
.build())
.build());
gcp_user_access_binding_resource = gcp.accesscontextmanager.GcpUserAccessBinding("gcpUserAccessBindingResource",
group_key="string",
organization_id="string",
access_levels="string",
scoped_access_settings=[{
"active_settings": {
"access_levels": ["string"],
"session_settings": {
"max_inactivity": "string",
"session_length": "string",
"session_length_enabled": False,
"session_reauth_method": "string",
"use_oidc_max_age": False,
},
},
"dry_run_settings": {
"access_levels": "string",
},
"scope": {
"client_scope": {
"restricted_client_application": {
"client_id": "string",
},
},
},
}],
session_settings={
"max_inactivity": "string",
"session_length": "string",
"session_length_enabled": False,
"session_reauth_method": "string",
"use_oidc_max_age": False,
})
const gcpUserAccessBindingResource = new gcp.accesscontextmanager.GcpUserAccessBinding("gcpUserAccessBindingResource", {
groupKey: "string",
organizationId: "string",
accessLevels: "string",
scopedAccessSettings: [{
activeSettings: {
accessLevels: ["string"],
sessionSettings: {
maxInactivity: "string",
sessionLength: "string",
sessionLengthEnabled: false,
sessionReauthMethod: "string",
useOidcMaxAge: false,
},
},
dryRunSettings: {
accessLevels: "string",
},
scope: {
clientScope: {
restrictedClientApplication: {
clientId: "string",
},
},
},
}],
sessionSettings: {
maxInactivity: "string",
sessionLength: "string",
sessionLengthEnabled: false,
sessionReauthMethod: "string",
useOidcMaxAge: false,
},
});
type: gcp:accesscontextmanager:GcpUserAccessBinding
properties:
accessLevels: string
groupKey: string
organizationId: string
scopedAccessSettings:
- activeSettings:
accessLevels:
- string
sessionSettings:
maxInactivity: string
sessionLength: string
sessionLengthEnabled: false
sessionReauthMethod: string
useOidcMaxAge: false
dryRunSettings:
accessLevels: string
scope:
clientScope:
restrictedClientApplication:
clientId: string
sessionSettings:
maxInactivity: string
sessionLength: string
sessionLengthEnabled: false
sessionReauthMethod: string
useOidcMaxAge: false
GcpUserAccessBinding Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GcpUserAccessBinding resource accepts the following input properties:
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Organization
Id string - Required. ID of the parent organization.
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Scoped
Access List<GcpSettings User Access Binding Scoped Access Setting> - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- Session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Organization
Id string - Required. ID of the parent organization.
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Scoped
Access []GcpSettings User Access Binding Scoped Access Setting Args - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- Session
Settings GcpUser Access Binding Session Settings Args - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id String - Required. ID of the parent organization.
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- scoped
Access List<GcpSettings User Access Binding Scoped Access Setting> - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id string - Required. ID of the parent organization.
- access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- scoped
Access GcpSettings User Access Binding Scoped Access Setting[] - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- group_
key str - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization_
id str - Required. ID of the parent organization.
- access_
levels str - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- scoped_
access_ Sequence[Gcpsettings User Access Binding Scoped Access Setting Args] - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session_
settings GcpUser Access Binding Session Settings Args - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id String - Required. ID of the parent organization.
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- scoped
Access List<Property Map>Settings - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings Property Map - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the GcpUserAccessBinding resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Look up Existing GcpUserAccessBinding Resource
Get an existing GcpUserAccessBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GcpUserAccessBindingState, opts?: CustomResourceOptions): GcpUserAccessBinding@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_levels: Optional[str] = None,
group_key: Optional[str] = None,
name: Optional[str] = None,
organization_id: Optional[str] = None,
scoped_access_settings: Optional[Sequence[GcpUserAccessBindingScopedAccessSettingArgs]] = None,
session_settings: Optional[GcpUserAccessBindingSessionSettingsArgs] = None) -> GcpUserAccessBindingfunc GetGcpUserAccessBinding(ctx *Context, name string, id IDInput, state *GcpUserAccessBindingState, opts ...ResourceOption) (*GcpUserAccessBinding, error)public static GcpUserAccessBinding Get(string name, Input<string> id, GcpUserAccessBindingState? state, CustomResourceOptions? opts = null)public static GcpUserAccessBinding get(String name, Output<String> id, GcpUserAccessBindingState state, CustomResourceOptions options)resources: _: type: gcp:accesscontextmanager:GcpUserAccessBinding get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Organization
Id string - Required. ID of the parent organization.
- Scoped
Access List<GcpSettings User Access Binding Scoped Access Setting> - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- Session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Organization
Id string - Required. ID of the parent organization.
- Scoped
Access []GcpSettings User Access Binding Scoped Access Setting Args - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- Session
Settings GcpUser Access Binding Session Settings Args - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id String - Required. ID of the parent organization.
- scoped
Access List<GcpSettings User Access Binding Scoped Access Setting> - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id string - Required. ID of the parent organization.
- scoped
Access GcpSettings User Access Binding Scoped Access Setting[] - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings GcpUser Access Binding Session Settings - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- access_
levels str - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group_
key str - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name str
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization_
id str - Required. ID of the parent organization.
- scoped_
access_ Sequence[Gcpsettings User Access Binding Scoped Access Setting Args] - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session_
settings GcpUser Access Binding Session Settings Args - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id String - Required. ID of the parent organization.
- scoped
Access List<Property Map>Settings - Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. Structure is documented below.
- session
Settings Property Map - Optional. The Google Cloud session length (GCSL) policy for the group key. Structure is documented below.
Supporting Types
GcpUserAccessBindingScopedAccessSetting, GcpUserAccessBindingScopedAccessSettingArgs
- Active
Settings GcpUser Access Binding Scoped Access Setting Active Settings - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- Dry
Run GcpSettings User Access Binding Scoped Access Setting Dry Run Settings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- Scope
Gcp
User Access Binding Scoped Access Setting Scope - Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
- Active
Settings GcpUser Access Binding Scoped Access Setting Active Settings - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- Dry
Run GcpSettings User Access Binding Scoped Access Setting Dry Run Settings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- Scope
Gcp
User Access Binding Scoped Access Setting Scope - Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
- active
Settings GcpUser Access Binding Scoped Access Setting Active Settings - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- dry
Run GcpSettings User Access Binding Scoped Access Setting Dry Run Settings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- scope
Gcp
User Access Binding Scoped Access Setting Scope - Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
- active
Settings GcpUser Access Binding Scoped Access Setting Active Settings - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- dry
Run GcpSettings User Access Binding Scoped Access Setting Dry Run Settings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- scope
Gcp
User Access Binding Scoped Access Setting Scope - Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
- active_
settings GcpUser Access Binding Scoped Access Setting Active Settings - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- dry_
run_ Gcpsettings User Access Binding Scoped Access Setting Dry Run Settings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- scope
Gcp
User Access Binding Scoped Access Setting Scope - Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
- active
Settings Property Map - Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set. Structure is documented below.
- dry
Run Property MapSettings - Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings. Structure is documented below.
- scope Property Map
- Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty. Structure is documented below.
GcpUserAccessBindingScopedAccessSettingActiveSettings, GcpUserAccessBindingScopedAccessSettingActiveSettingsArgs
- Access
Levels List<string> - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Session
Settings GcpUser Access Binding Scoped Access Setting Active Settings Session Settings - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
- Access
Levels []string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Session
Settings GcpUser Access Binding Scoped Access Setting Active Settings Session Settings - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
- access
Levels List<String> - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- session
Settings GcpUser Access Binding Scoped Access Setting Active Settings Session Settings - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
- access
Levels string[] - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- session
Settings GcpUser Access Binding Scoped Access Setting Active Settings Session Settings - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
- access_
levels Sequence[str] - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- session_
settings GcpUser Access Binding Scoped Access Setting Active Settings Session Settings - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
- access
Levels List<String> - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- session
Settings Property Map - Optional. Session settings applied to user access on a given AccessScope. Structure is documented below.
GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings, GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettingsArgs
- Max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- Session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- Session
Length boolEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- Session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - Use
Oidc boolMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- Max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- Session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- Session
Length boolEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- Session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - Use
Oidc boolMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity String - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length String - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length BooleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth StringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc BooleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length booleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc booleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max_
inactivity str - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session_
length str - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session_
length_ boolenabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session_
reauth_ strmethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use_
oidc_ boolmax_ age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity String - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length String - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length BooleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth StringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc BooleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
GcpUserAccessBindingScopedAccessSettingDryRunSettings, GcpUserAccessBindingScopedAccessSettingDryRunSettingsArgs
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- access
Levels string - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- access_
levels str - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- access
Levels String - Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
GcpUserAccessBindingScopedAccessSettingScope, GcpUserAccessBindingScopedAccessSettingScopeArgs
- Client
Scope GcpUser Access Binding Scoped Access Setting Scope Client Scope - Optional. Client scope for this access scope. Structure is documented below.
- Client
Scope GcpUser Access Binding Scoped Access Setting Scope Client Scope - Optional. Client scope for this access scope. Structure is documented below.
- client
Scope GcpUser Access Binding Scoped Access Setting Scope Client Scope - Optional. Client scope for this access scope. Structure is documented below.
- client
Scope GcpUser Access Binding Scoped Access Setting Scope Client Scope - Optional. Client scope for this access scope. Structure is documented below.
- client_
scope GcpUser Access Binding Scoped Access Setting Scope Client Scope - Optional. Client scope for this access scope. Structure is documented below.
- client
Scope Property Map - Optional. Client scope for this access scope. Structure is documented below.
GcpUserAccessBindingScopedAccessSettingScopeClientScope, GcpUserAccessBindingScopedAccessSettingScopeClientScopeArgs
- Restricted
Client GcpApplication User Access Binding Scoped Access Setting Scope Client Scope Restricted Client Application - Optional. The application that is subject to this binding's scope. Structure is documented below.
- Restricted
Client GcpApplication User Access Binding Scoped Access Setting Scope Client Scope Restricted Client Application - Optional. The application that is subject to this binding's scope. Structure is documented below.
- restricted
Client GcpApplication User Access Binding Scoped Access Setting Scope Client Scope Restricted Client Application - Optional. The application that is subject to this binding's scope. Structure is documented below.
- restricted
Client GcpApplication User Access Binding Scoped Access Setting Scope Client Scope Restricted Client Application - Optional. The application that is subject to this binding's scope. Structure is documented below.
- restricted_
client_ Gcpapplication User Access Binding Scoped Access Setting Scope Client Scope Restricted Client Application - Optional. The application that is subject to this binding's scope. Structure is documented below.
- restricted
Client Property MapApplication - Optional. The application that is subject to this binding's scope. Structure is documented below.
GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication, GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplicationArgs
- Client
Id string - The OAuth client ID of the application.
- Client
Id string - The OAuth client ID of the application.
- client
Id String - The OAuth client ID of the application.
- client
Id string - The OAuth client ID of the application.
- client_
id str - The OAuth client ID of the application.
- client
Id String - The OAuth client ID of the application.
GcpUserAccessBindingSessionSettings, GcpUserAccessBindingSessionSettingsArgs
- Max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- Session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- Session
Length boolEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- Session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - Use
Oidc boolMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- Max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- Session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- Session
Length boolEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- Session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - Use
Oidc boolMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity String - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length String - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length BooleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth StringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc BooleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity string - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length string - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length booleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth stringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc booleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max_
inactivity str - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session_
length str - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session_
length_ boolenabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session_
reauth_ strmethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use_
oidc_ boolmax_ age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
- max
Inactivity String - Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
- session
Length String - Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
- session
Length BooleanEnabled - Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
- session
Reauth StringMethod - Optional. The session challenges proposed to users when the Google Cloud session length is up.
Possible values are:
LOGIN,SECURITY_KEY,PASSWORD. - use
Oidc BooleanMax Age - Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
Import
GcpUserAccessBinding can be imported using any of these accepted formats:
{{name}}
When using the pulumi import command, GcpUserAccessBinding can be imported using one of the formats above. For example:
$ pulumi import gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.