Docs
PackagesGoogle Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi
gcp.accesscontextmanager.GcpUserAccessBinding
Explore with Pulumi AI
Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
To get more information about GcpUserAccessBinding, see:
Example Usage
Access Context Manager Gcp User Access Binding Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const group = new gcp.cloudidentity.Group("group", {
displayName: "my-identity-group",
parent: "customers/A01b123xz",
groupKey: {
id: "my-identity-group@example.com",
},
labels: {
"cloudidentity.googleapis.com/groups.discussion_forum": "",
},
});
const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
parent: "organizations/123456789",
title: "my policy",
});
const accessLevelIdForUserAccessBinding = new gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding", {
parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
title: "chromeos_no_lock",
basic: {
conditions: [{
devicePolicy: {
requireScreenLock: true,
osConstraints: [{
osType: "DESKTOP_CHROME_OS",
}],
},
regions: ["US"],
}],
},
});
const gcpUserAccessBinding = new gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding", {
organizationId: "123456789",
groupKey: std.trimprefixOutput({
input: group.id,
prefix: "groups/",
}).apply(invoke => invoke.result),
accessLevels: accessLevelIdForUserAccessBinding.name,
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
group = gcp.cloudidentity.Group("group",
display_name="my-identity-group",
parent="customers/A01b123xz",
group_key=gcp.cloudidentity.GroupGroupKeyArgs(
id="my-identity-group@example.com",
),
labels={
"cloudidentity.googleapis.com/groups.discussion_forum": "",
})
access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
parent="organizations/123456789",
title="my policy")
access_level_id_for_user_access_binding = gcp.accesscontextmanager.AccessLevel("access_level_id_for_user_access_binding",
parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
title="chromeos_no_lock",
basic=gcp.accesscontextmanager.AccessLevelBasicArgs(
conditions=[gcp.accesscontextmanager.AccessLevelBasicConditionArgs(
device_policy=gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs(
require_screen_lock=True,
os_constraints=[gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs(
os_type="DESKTOP_CHROME_OS",
)],
),
regions=["US"],
)],
))
gcp_user_access_binding = gcp.accesscontextmanager.GcpUserAccessBinding("gcp_user_access_binding",
organization_id="123456789",
group_key=std.trimprefix_output(input=group.id,
prefix="groups/").apply(lambda invoke: invoke.result),
access_levels=access_level_id_for_user_access_binding.name)
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudidentity"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
group, err := cloudidentity.NewGroup(ctx, "group", &cloudidentity.GroupArgs{
DisplayName: pulumi.String("my-identity-group"),
Parent: pulumi.String("customers/A01b123xz"),
GroupKey: &cloudidentity.GroupGroupKeyArgs{
Id: pulumi.String("my-identity-group@example.com"),
},
Labels: pulumi.StringMap{
"cloudidentity.googleapis.com/groups.discussion_forum": pulumi.String(""),
},
})
if err != nil {
return err
}
_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
Parent: pulumi.String("organizations/123456789"),
Title: pulumi.String("my policy"),
})
if err != nil {
return err
}
accessLevelIdForUserAccessBinding, err := accesscontextmanager.NewAccessLevel(ctx, "access_level_id_for_user_access_binding", &accesscontextmanager.AccessLevelArgs{
Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("accessPolicies/%v", name), nil
}).(pulumi.StringOutput),
Name: access_policy.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
}).(pulumi.StringOutput),
Title: pulumi.String("chromeos_no_lock"),
Basic: &accesscontextmanager.AccessLevelBasicArgs{
Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
&accesscontextmanager.AccessLevelBasicConditionArgs{
DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
RequireScreenLock: pulumi.Bool(true),
OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
OsType: pulumi.String("DESKTOP_CHROME_OS"),
},
},
},
Regions: pulumi.StringArray{
pulumi.String("US"),
},
},
},
},
})
if err != nil {
return err
}
_, err = accesscontextmanager.NewGcpUserAccessBinding(ctx, "gcp_user_access_binding", &accesscontextmanager.GcpUserAccessBindingArgs{
OrganizationId: pulumi.String("123456789"),
GroupKey: std.TrimprefixOutput(ctx, std.TrimprefixOutputArgs{
Input: group.ID(),
Prefix: pulumi.String("groups/"),
}, nil).ApplyT(func(invoke std.TrimprefixResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput),
AccessLevels: accessLevelIdForUserAccessBinding.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @group = new Gcp.CloudIdentity.Group("group", new()
{
DisplayName = "my-identity-group",
Parent = "customers/A01b123xz",
GroupKey = new Gcp.CloudIdentity.Inputs.GroupGroupKeyArgs
{
Id = "my-identity-group@example.com",
},
Labels =
{
{ "cloudidentity.googleapis.com/groups.discussion_forum", "" },
},
});
var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
{
Parent = "organizations/123456789",
Title = "my policy",
});
var accessLevelIdForUserAccessBinding = new Gcp.AccessContextManager.AccessLevel("access_level_id_for_user_access_binding", new()
{
Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
Title = "chromeos_no_lock",
Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
{
Conditions = new[]
{
new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
{
DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
{
RequireScreenLock = true,
OsConstraints = new[]
{
new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
{
OsType = "DESKTOP_CHROME_OS",
},
},
},
Regions = new[]
{
"US",
},
},
},
},
});
var gcpUserAccessBinding = new Gcp.AccessContextManager.GcpUserAccessBinding("gcp_user_access_binding", new()
{
OrganizationId = "123456789",
GroupKey = Std.Trimprefix.Invoke(new()
{
Input = @group.Id,
Prefix = "groups/",
}).Apply(invoke => invoke.Result),
AccessLevels = accessLevelIdForUserAccessBinding.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.cloudidentity.Group;
import com.pulumi.gcp.cloudidentity.GroupArgs;
import com.pulumi.gcp.cloudidentity.inputs.GroupGroupKeyArgs;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import com.pulumi.gcp.accesscontextmanager.AccessLevel;
import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBinding;
import com.pulumi.gcp.accesscontextmanager.GcpUserAccessBindingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var group = new Group("group", GroupArgs.builder()
.displayName("my-identity-group")
.parent("customers/A01b123xz")
.groupKey(GroupGroupKeyArgs.builder()
.id("my-identity-group@example.com")
.build())
.labels(Map.of("cloudidentity.googleapis.com/groups.discussion_forum", ""))
.build());
var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
.parent("organizations/123456789")
.title("my policy")
.build());
var accessLevelIdForUserAccessBinding = new AccessLevel("accessLevelIdForUserAccessBinding", AccessLevelArgs.builder()
.parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
.name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
.title("chromeos_no_lock")
.basic(AccessLevelBasicArgs.builder()
.conditions(AccessLevelBasicConditionArgs.builder()
.devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
.requireScreenLock(true)
.osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
.osType("DESKTOP_CHROME_OS")
.build())
.build())
.regions("US")
.build())
.build())
.build());
var gcpUserAccessBinding = new GcpUserAccessBinding("gcpUserAccessBinding", GcpUserAccessBindingArgs.builder()
.organizationId("123456789")
.groupKey(StdFunctions.trimprefix().applyValue(invoke -> invoke.result()))
.accessLevels(accessLevelIdForUserAccessBinding.name())
.build());
}
}
resources:
group:
type: gcp:cloudidentity:Group
properties:
displayName: my-identity-group
parent: customers/A01b123xz
groupKey:
id: my-identity-group@example.com
labels:
cloudidentity.googleapis.com/groups.discussion_forum:
accessLevelIdForUserAccessBinding:
type: gcp:accesscontextmanager:AccessLevel
name: access_level_id_for_user_access_binding
properties:
parent: accessPolicies/${["access-policy"].name}
name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
title: chromeos_no_lock
basic:
conditions:
- devicePolicy:
requireScreenLock: true
osConstraints:
- osType: DESKTOP_CHROME_OS
regions:
- US
access-policy:
type: gcp:accesscontextmanager:AccessPolicy
properties:
parent: organizations/123456789
title: my policy
gcpUserAccessBinding:
type: gcp:accesscontextmanager:GcpUserAccessBinding
name: gcp_user_access_binding
properties:
organizationId: '123456789'
groupKey:
fn::invoke:
Function: std:trimprefix
Arguments:
input: ${group.id}
prefix: groups/
Return: result
accessLevels: ${accessLevelIdForUserAccessBinding.name}
Create GcpUserAccessBinding Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GcpUserAccessBinding(name: string, args: GcpUserAccessBindingArgs, opts?: CustomResourceOptions);@overload
def GcpUserAccessBinding(resource_name: str,
args: GcpUserAccessBindingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GcpUserAccessBinding(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_levels: Optional[str] = None,
group_key: Optional[str] = None,
organization_id: Optional[str] = None)func NewGcpUserAccessBinding(ctx *Context, name string, args GcpUserAccessBindingArgs, opts ...ResourceOption) (*GcpUserAccessBinding, error)public GcpUserAccessBinding(string name, GcpUserAccessBindingArgs args, CustomResourceOptions? opts = null)
public GcpUserAccessBinding(String name, GcpUserAccessBindingArgs args)
public GcpUserAccessBinding(String name, GcpUserAccessBindingArgs args, CustomResourceOptions options)
type: gcp:accesscontextmanager:GcpUserAccessBinding
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GcpUserAccessBindingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var gcpUserAccessBindingResource = new Gcp.AccessContextManager.GcpUserAccessBinding("gcpUserAccessBindingResource", new()
{
AccessLevels = "string",
GroupKey = "string",
OrganizationId = "string",
});
example, err := accesscontextmanager.NewGcpUserAccessBinding(ctx, "gcpUserAccessBindingResource", &accesscontextmanager.GcpUserAccessBindingArgs{
AccessLevels: pulumi.String("string"),
GroupKey: pulumi.String("string"),
OrganizationId: pulumi.String("string"),
})
var gcpUserAccessBindingResource = new GcpUserAccessBinding("gcpUserAccessBindingResource", GcpUserAccessBindingArgs.builder()
.accessLevels("string")
.groupKey("string")
.organizationId("string")
.build());
gcp_user_access_binding_resource = gcp.accesscontextmanager.GcpUserAccessBinding("gcpUserAccessBindingResource",
access_levels="string",
group_key="string",
organization_id="string")
const gcpUserAccessBindingResource = new gcp.accesscontextmanager.GcpUserAccessBinding("gcpUserAccessBindingResource", {
accessLevels: "string",
groupKey: "string",
organizationId: "string",
});
type: gcp:accesscontextmanager:GcpUserAccessBinding
properties:
accessLevels: string
groupKey: string
organizationId: string
GcpUserAccessBinding Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GcpUserAccessBinding resource accepts the following input properties:
- Access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Organization
Id string - Required. ID of the parent organization.
- Access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Organization
Id string - Required. ID of the parent organization.
- access
Levels String - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id String - Required. ID of the parent organization.
- access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id string - Required. ID of the parent organization.
- access_
levels str - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group_
key str - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization_
id str - Required. ID of the parent organization.
- access
Levels String - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- organization
Id String - Required. ID of the parent organization.
Outputs
All input properties are implicitly available as output properties. Additionally, the GcpUserAccessBinding resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Look up Existing GcpUserAccessBinding Resource
Get an existing GcpUserAccessBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GcpUserAccessBindingState, opts?: CustomResourceOptions): GcpUserAccessBinding@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_levels: Optional[str] = None,
group_key: Optional[str] = None,
name: Optional[str] = None,
organization_id: Optional[str] = None) -> GcpUserAccessBindingfunc GetGcpUserAccessBinding(ctx *Context, name string, id IDInput, state *GcpUserAccessBindingState, opts ...ResourceOption) (*GcpUserAccessBinding, error)public static GcpUserAccessBinding Get(string name, Input<string> id, GcpUserAccessBindingState? state, CustomResourceOptions? opts = null)public static GcpUserAccessBinding get(String name, Output<String> id, GcpUserAccessBindingState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Organization
Id string - Required. ID of the parent organization.
- Access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- Group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- Name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- Organization
Id string - Required. ID of the parent organization.
- access
Levels String - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id String - Required. ID of the parent organization.
- access
Levels string - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key string - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name string
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id string - Required. ID of the parent organization.
- access_
levels str - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group_
key str - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name str
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization_
id str - Required. ID of the parent organization.
- access
Levels String - Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
- group
Key String - Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
- name String
- Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
- organization
Id String - Required. ID of the parent organization.
Import
GcpUserAccessBinding can be imported using any of these accepted formats:
{{name}}
When using the pulumi import command, GcpUserAccessBinding can be imported using one of the formats above. For example:
$ pulumi import gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.