1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. iam
  5. AccessBoundaryPolicy
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

gcp.iam.AccessBoundaryPolicy

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

    Represents a collection of access boundary policies to apply to a given resource. NOTE: This is a private feature and users should contact GCP support if they would like to test it.

    Example Usage

    Iam Access Boundary Policy Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as std from "@pulumi/std";
    
    const project = new gcp.organizations.Project("project", {
        projectId: "my-project",
        name: "my-project",
        orgId: "123456789",
        billingAccount: "000000-0000000-0000000-000000",
    });
    const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
        parent: project.orgId.apply(orgId => `organizations/${orgId}`),
        title: "my policy",
    });
    const test_access = new gcp.accesscontextmanager.AccessLevel("test-access", {
        parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
        name: pulumi.interpolate`accessPolicies/${access_policy.name}/accessLevels/chromeos_no_lock`,
        title: "chromeos_no_lock",
        basic: {
            conditions: [{
                devicePolicy: {
                    requireScreenLock: true,
                    osConstraints: [{
                        osType: "DESKTOP_CHROME_OS",
                    }],
                },
                regions: [
                    "CH",
                    "IT",
                    "US",
                ],
            }],
        },
    });
    const example = new gcp.iam.AccessBoundaryPolicy("example", {
        parent: std.urlencodeOutput({
            input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${project.projectId}`,
        }).apply(invoke => invoke.result),
        name: "my-ab-policy",
        displayName: "My AB policy",
        rules: [{
            description: "AB rule",
            accessBoundaryRule: {
                availableResource: "*",
                availablePermissions: ["*"],
                availabilityCondition: {
                    title: "Access level expr",
                    expression: pulumi.all([project.orgId, test_access.name]).apply(([orgId, name]) => `request.matchAccessLevels('${orgId}', ['${name}'])`),
                },
            },
        }],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_std as std
    
    project = gcp.organizations.Project("project",
        project_id="my-project",
        name="my-project",
        org_id="123456789",
        billing_account="000000-0000000-0000000-000000")
    access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
        parent=project.org_id.apply(lambda org_id: f"organizations/{org_id}"),
        title="my policy")
    test_access = gcp.accesscontextmanager.AccessLevel("test-access",
        parent=access_policy.name.apply(lambda name: f"accessPolicies/{name}"),
        name=access_policy.name.apply(lambda name: f"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
        title="chromeos_no_lock",
        basic=gcp.accesscontextmanager.AccessLevelBasicArgs(
            conditions=[gcp.accesscontextmanager.AccessLevelBasicConditionArgs(
                device_policy=gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs(
                    require_screen_lock=True,
                    os_constraints=[gcp.accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs(
                        os_type="DESKTOP_CHROME_OS",
                    )],
                ),
                regions=[
                    "CH",
                    "IT",
                    "US",
                ],
            )],
        ))
    example = gcp.iam.AccessBoundaryPolicy("example",
        parent=std.urlencode_output(input=project.project_id.apply(lambda project_id: f"cloudresourcemanager.googleapis.com/projects/{project_id}")).apply(lambda invoke: invoke.result),
        name="my-ab-policy",
        display_name="My AB policy",
        rules=[gcp.iam.AccessBoundaryPolicyRuleArgs(
            description="AB rule",
            access_boundary_rule=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs(
                available_resource="*",
                available_permissions=["*"],
                availability_condition=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs(
                    title="Access level expr",
                    expression=pulumi.Output.all(project.org_id, test_access.name).apply(lambda org_id, name: f"request.matchAccessLevels('{org_id}', ['{name}'])"),
                ),
            ),
        )])
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
    			ProjectId:      pulumi.String("my-project"),
    			Name:           pulumi.String("my-project"),
    			OrgId:          pulumi.String("123456789"),
    			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
    			Parent: project.OrgId.ApplyT(func(orgId *string) (string, error) {
    				return fmt.Sprintf("organizations/%v", orgId), nil
    			}).(pulumi.StringOutput),
    			Title: pulumi.String("my policy"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = accesscontextmanager.NewAccessLevel(ctx, "test-access", &accesscontextmanager.AccessLevelArgs{
    			Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
    				return fmt.Sprintf("accessPolicies/%v", name), nil
    			}).(pulumi.StringOutput),
    			Name: access_policy.Name.ApplyT(func(name string) (string, error) {
    				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
    			}).(pulumi.StringOutput),
    			Title: pulumi.String("chromeos_no_lock"),
    			Basic: &accesscontextmanager.AccessLevelBasicArgs{
    				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
    					&accesscontextmanager.AccessLevelBasicConditionArgs{
    						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
    							RequireScreenLock: pulumi.Bool(true),
    							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
    								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
    									OsType: pulumi.String("DESKTOP_CHROME_OS"),
    								},
    							},
    						},
    						Regions: pulumi.StringArray{
    							pulumi.String("CH"),
    							pulumi.String("IT"),
    							pulumi.String("US"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewAccessBoundaryPolicy(ctx, "example", &iam.AccessBoundaryPolicyArgs{
    			Parent: std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
    				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
    					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
    				}).(pulumi.StringOutput),
    			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
    				return invoke.Result, nil
    			}).(pulumi.StringPtrOutput),
    			Name:        pulumi.String("my-ab-policy"),
    			DisplayName: pulumi.String("My AB policy"),
    			Rules: iam.AccessBoundaryPolicyRuleArray{
    				&iam.AccessBoundaryPolicyRuleArgs{
    					Description: pulumi.String("AB rule"),
    					AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
    						AvailableResource: pulumi.String("*"),
    						AvailablePermissions: pulumi.StringArray{
    							pulumi.String("*"),
    						},
    						AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
    							Title: pulumi.String("Access level expr"),
    							Expression: pulumi.All(project.OrgId, test_access.Name).ApplyT(func(_args []interface{}) (string, error) {
    								orgId := _args[0].(*string)
    								name := _args[1].(string)
    								return fmt.Sprintf("request.matchAccessLevels('%v', ['%v'])", orgId, name), nil
    							}).(pulumi.StringOutput),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var project = new Gcp.Organizations.Project("project", new()
        {
            ProjectId = "my-project",
            Name = "my-project",
            OrgId = "123456789",
            BillingAccount = "000000-0000000-0000000-000000",
        });
    
        var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
        {
            Parent = project.OrgId.Apply(orgId => $"organizations/{orgId}"),
            Title = "my policy",
        });
    
        var test_access = new Gcp.AccessContextManager.AccessLevel("test-access", new()
        {
            Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
            Name = access_policy.Name.Apply(name => $"accessPolicies/{name}/accessLevels/chromeos_no_lock"),
            Title = "chromeos_no_lock",
            Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
            {
                Conditions = new[]
                {
                    new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
                    {
                        DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
                        {
                            RequireScreenLock = true,
                            OsConstraints = new[]
                            {
                                new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
                                {
                                    OsType = "DESKTOP_CHROME_OS",
                                },
                            },
                        },
                        Regions = new[]
                        {
                            "CH",
                            "IT",
                            "US",
                        },
                    },
                },
            },
        });
    
        var example = new Gcp.Iam.AccessBoundaryPolicy("example", new()
        {
            Parent = Std.Urlencode.Invoke(new()
            {
                Input = project.ProjectId.Apply(projectId => $"cloudresourcemanager.googleapis.com/projects/{projectId}"),
            }).Apply(invoke => invoke.Result),
            Name = "my-ab-policy",
            DisplayName = "My AB policy",
            Rules = new[]
            {
                new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs
                {
                    Description = "AB rule",
                    AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
                    {
                        AvailableResource = "*",
                        AvailablePermissions = new[]
                        {
                            "*",
                        },
                        AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
                        {
                            Title = "Access level expr",
                            Expression = Output.Tuple(project.OrgId, test_access.Name).Apply(values =>
                            {
                                var orgId = values.Item1;
                                var name = values.Item2;
                                return $"request.matchAccessLevels('{orgId}', ['{name}'])";
                            }),
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.Project;
    import com.pulumi.gcp.organizations.ProjectArgs;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
    import com.pulumi.gcp.accesscontextmanager.AccessLevel;
    import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
    import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
    import com.pulumi.gcp.iam.AccessBoundaryPolicy;
    import com.pulumi.gcp.iam.AccessBoundaryPolicyArgs;
    import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleArgs;
    import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs;
    import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var project = new Project("project", ProjectArgs.builder()        
                .projectId("my-project")
                .name("my-project")
                .orgId("123456789")
                .billingAccount("000000-0000000-0000000-000000")
                .build());
    
            var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()        
                .parent(project.orgId().applyValue(orgId -> String.format("organizations/%s", orgId)))
                .title("my policy")
                .build());
    
            var test_access = new AccessLevel("test-access", AccessLevelArgs.builder()        
                .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
                .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
                .title("chromeos_no_lock")
                .basic(AccessLevelBasicArgs.builder()
                    .conditions(AccessLevelBasicConditionArgs.builder()
                        .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
                            .requireScreenLock(true)
                            .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
                                .osType("DESKTOP_CHROME_OS")
                                .build())
                            .build())
                        .regions(                    
                            "CH",
                            "IT",
                            "US")
                        .build())
                    .build())
                .build());
    
            var example = new AccessBoundaryPolicy("example", AccessBoundaryPolicyArgs.builder()        
                .parent(StdFunctions.urlencode().applyValue(invoke -> invoke.result()))
                .name("my-ab-policy")
                .displayName("My AB policy")
                .rules(AccessBoundaryPolicyRuleArgs.builder()
                    .description("AB rule")
                    .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()
                        .availableResource("*")
                        .availablePermissions("*")
                        .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()
                            .title("Access level expr")
                            .expression(Output.tuple(project.orgId(), test_access.name()).applyValue(values -> {
                                var orgId = values.t1;
                                var name = values.t2;
                                return String.format("request.matchAccessLevels('%s', ['%s'])", orgId,name);
                            }))
                            .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      project:
        type: gcp:organizations:Project
        properties:
          projectId: my-project
          name: my-project
          orgId: '123456789'
          billingAccount: 000000-0000000-0000000-000000
      test-access:
        type: gcp:accesscontextmanager:AccessLevel
        properties:
          parent: accessPolicies/${["access-policy"].name}
          name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
          title: chromeos_no_lock
          basic:
            conditions:
              - devicePolicy:
                  requireScreenLock: true
                  osConstraints:
                    - osType: DESKTOP_CHROME_OS
                regions:
                  - CH
                  - IT
                  - US
      access-policy:
        type: gcp:accesscontextmanager:AccessPolicy
        properties:
          parent: organizations/${project.orgId}
          title: my policy
      example:
        type: gcp:iam:AccessBoundaryPolicy
        properties:
          parent:
            fn::invoke:
              Function: std:urlencode
              Arguments:
                input: cloudresourcemanager.googleapis.com/projects/${project.projectId}
              Return: result
          name: my-ab-policy
          displayName: My AB policy
          rules:
            - description: AB rule
              accessBoundaryRule:
                availableResource: '*'
                availablePermissions:
                  - '*'
                availabilityCondition:
                  title: Access level expr
                  expression: request.matchAccessLevels('${project.orgId}', ['${["test-access"].name}'])
    

    Create AccessBoundaryPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessBoundaryPolicy(name: string, args: AccessBoundaryPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessBoundaryPolicy(resource_name: str,
                             args: AccessBoundaryPolicyArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessBoundaryPolicy(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             parent: Optional[str] = None,
                             rules: Optional[Sequence[AccessBoundaryPolicyRuleArgs]] = None,
                             display_name: Optional[str] = None,
                             name: Optional[str] = None)
    func NewAccessBoundaryPolicy(ctx *Context, name string, args AccessBoundaryPolicyArgs, opts ...ResourceOption) (*AccessBoundaryPolicy, error)
    public AccessBoundaryPolicy(string name, AccessBoundaryPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessBoundaryPolicy(String name, AccessBoundaryPolicyArgs args)
    public AccessBoundaryPolicy(String name, AccessBoundaryPolicyArgs args, CustomResourceOptions options)
    
    type: gcp:iam:AccessBoundaryPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessBoundaryPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessBoundaryPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessBoundaryPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessBoundaryPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessBoundaryPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var accessBoundaryPolicyResource = new Gcp.Iam.AccessBoundaryPolicy("accessBoundaryPolicyResource", new()
    {
        Parent = "string",
        Rules = new[]
        {
            new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs
            {
                AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
                {
                    AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
                    {
                        Expression = "string",
                        Description = "string",
                        Location = "string",
                        Title = "string",
                    },
                    AvailablePermissions = new[]
                    {
                        "string",
                    },
                    AvailableResource = "string",
                },
                Description = "string",
            },
        },
        DisplayName = "string",
        Name = "string",
    });
    
    example, err := iam.NewAccessBoundaryPolicy(ctx, "accessBoundaryPolicyResource", &iam.AccessBoundaryPolicyArgs{
    	Parent: pulumi.String("string"),
    	Rules: iam.AccessBoundaryPolicyRuleArray{
    		&iam.AccessBoundaryPolicyRuleArgs{
    			AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
    				AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
    					Expression:  pulumi.String("string"),
    					Description: pulumi.String("string"),
    					Location:    pulumi.String("string"),
    					Title:       pulumi.String("string"),
    				},
    				AvailablePermissions: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				AvailableResource: pulumi.String("string"),
    			},
    			Description: pulumi.String("string"),
    		},
    	},
    	DisplayName: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    })
    
    var accessBoundaryPolicyResource = new AccessBoundaryPolicy("accessBoundaryPolicyResource", AccessBoundaryPolicyArgs.builder()        
        .parent("string")
        .rules(AccessBoundaryPolicyRuleArgs.builder()
            .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()
                .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()
                    .expression("string")
                    .description("string")
                    .location("string")
                    .title("string")
                    .build())
                .availablePermissions("string")
                .availableResource("string")
                .build())
            .description("string")
            .build())
        .displayName("string")
        .name("string")
        .build());
    
    access_boundary_policy_resource = gcp.iam.AccessBoundaryPolicy("accessBoundaryPolicyResource",
        parent="string",
        rules=[gcp.iam.AccessBoundaryPolicyRuleArgs(
            access_boundary_rule=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs(
                availability_condition=gcp.iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs(
                    expression="string",
                    description="string",
                    location="string",
                    title="string",
                ),
                available_permissions=["string"],
                available_resource="string",
            ),
            description="string",
        )],
        display_name="string",
        name="string")
    
    const accessBoundaryPolicyResource = new gcp.iam.AccessBoundaryPolicy("accessBoundaryPolicyResource", {
        parent: "string",
        rules: [{
            accessBoundaryRule: {
                availabilityCondition: {
                    expression: "string",
                    description: "string",
                    location: "string",
                    title: "string",
                },
                availablePermissions: ["string"],
                availableResource: "string",
            },
            description: "string",
        }],
        displayName: "string",
        name: "string",
    });
    
    type: gcp:iam:AccessBoundaryPolicy
    properties:
        displayName: string
        name: string
        parent: string
        rules:
            - accessBoundaryRule:
                availabilityCondition:
                    description: string
                    expression: string
                    location: string
                    title: string
                availablePermissions:
                    - string
                availableResource: string
              description: string
    

    AccessBoundaryPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessBoundaryPolicy resource accepts the following input properties:

    Parent string
    The attachment point is identified by its URL-encoded full resource name.
    Rules List<AccessBoundaryPolicyRule>
    Rules to be applied. Structure is documented below.
    DisplayName string
    The display name of the rule.
    Name string
    The name of the policy.
    Parent string
    The attachment point is identified by its URL-encoded full resource name.
    Rules []AccessBoundaryPolicyRuleArgs
    Rules to be applied. Structure is documented below.
    DisplayName string
    The display name of the rule.
    Name string
    The name of the policy.
    parent String
    The attachment point is identified by its URL-encoded full resource name.
    rules List<AccessBoundaryPolicyRule>
    Rules to be applied. Structure is documented below.
    displayName String
    The display name of the rule.
    name String
    The name of the policy.
    parent string
    The attachment point is identified by its URL-encoded full resource name.
    rules AccessBoundaryPolicyRule[]
    Rules to be applied. Structure is documented below.
    displayName string
    The display name of the rule.
    name string
    The name of the policy.
    parent str
    The attachment point is identified by its URL-encoded full resource name.
    rules Sequence[AccessBoundaryPolicyRuleArgs]
    Rules to be applied. Structure is documented below.
    display_name str
    The display name of the rule.
    name str
    The name of the policy.
    parent String
    The attachment point is identified by its URL-encoded full resource name.
    rules List<Property Map>
    Rules to be applied. Structure is documented below.
    displayName String
    The display name of the rule.
    name String
    The name of the policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessBoundaryPolicy resource produces the following output properties:

    Etag string
    The hash of the resource. Used internally during updates.
    Id string
    The provider-assigned unique ID for this managed resource.
    Etag string
    The hash of the resource. Used internally during updates.
    Id string
    The provider-assigned unique ID for this managed resource.
    etag String
    The hash of the resource. Used internally during updates.
    id String
    The provider-assigned unique ID for this managed resource.
    etag string
    The hash of the resource. Used internally during updates.
    id string
    The provider-assigned unique ID for this managed resource.
    etag str
    The hash of the resource. Used internally during updates.
    id str
    The provider-assigned unique ID for this managed resource.
    etag String
    The hash of the resource. Used internally during updates.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessBoundaryPolicy Resource

    Get an existing AccessBoundaryPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessBoundaryPolicyState, opts?: CustomResourceOptions): AccessBoundaryPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            display_name: Optional[str] = None,
            etag: Optional[str] = None,
            name: Optional[str] = None,
            parent: Optional[str] = None,
            rules: Optional[Sequence[AccessBoundaryPolicyRuleArgs]] = None) -> AccessBoundaryPolicy
    func GetAccessBoundaryPolicy(ctx *Context, name string, id IDInput, state *AccessBoundaryPolicyState, opts ...ResourceOption) (*AccessBoundaryPolicy, error)
    public static AccessBoundaryPolicy Get(string name, Input<string> id, AccessBoundaryPolicyState? state, CustomResourceOptions? opts = null)
    public static AccessBoundaryPolicy get(String name, Output<String> id, AccessBoundaryPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DisplayName string
    The display name of the rule.
    Etag string
    The hash of the resource. Used internally during updates.
    Name string
    The name of the policy.
    Parent string
    The attachment point is identified by its URL-encoded full resource name.
    Rules List<AccessBoundaryPolicyRule>
    Rules to be applied. Structure is documented below.
    DisplayName string
    The display name of the rule.
    Etag string
    The hash of the resource. Used internally during updates.
    Name string
    The name of the policy.
    Parent string
    The attachment point is identified by its URL-encoded full resource name.
    Rules []AccessBoundaryPolicyRuleArgs
    Rules to be applied. Structure is documented below.
    displayName String
    The display name of the rule.
    etag String
    The hash of the resource. Used internally during updates.
    name String
    The name of the policy.
    parent String
    The attachment point is identified by its URL-encoded full resource name.
    rules List<AccessBoundaryPolicyRule>
    Rules to be applied. Structure is documented below.
    displayName string
    The display name of the rule.
    etag string
    The hash of the resource. Used internally during updates.
    name string
    The name of the policy.
    parent string
    The attachment point is identified by its URL-encoded full resource name.
    rules AccessBoundaryPolicyRule[]
    Rules to be applied. Structure is documented below.
    display_name str
    The display name of the rule.
    etag str
    The hash of the resource. Used internally during updates.
    name str
    The name of the policy.
    parent str
    The attachment point is identified by its URL-encoded full resource name.
    rules Sequence[AccessBoundaryPolicyRuleArgs]
    Rules to be applied. Structure is documented below.
    displayName String
    The display name of the rule.
    etag String
    The hash of the resource. Used internally during updates.
    name String
    The name of the policy.
    parent String
    The attachment point is identified by its URL-encoded full resource name.
    rules List<Property Map>
    Rules to be applied. Structure is documented below.

    Supporting Types

    AccessBoundaryPolicyRule, AccessBoundaryPolicyRuleArgs

    AccessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRule
    An access boundary rule in an IAM policy. Structure is documented below.
    Description string
    The description of the rule.
    AccessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRule
    An access boundary rule in an IAM policy. Structure is documented below.
    Description string
    The description of the rule.
    accessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRule
    An access boundary rule in an IAM policy. Structure is documented below.
    description String
    The description of the rule.
    accessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRule
    An access boundary rule in an IAM policy. Structure is documented below.
    description string
    The description of the rule.
    access_boundary_rule AccessBoundaryPolicyRuleAccessBoundaryRule
    An access boundary rule in an IAM policy. Structure is documented below.
    description str
    The description of the rule.
    accessBoundaryRule Property Map
    An access boundary rule in an IAM policy. Structure is documented below.
    description String
    The description of the rule.

    AccessBoundaryPolicyRuleAccessBoundaryRule, AccessBoundaryPolicyRuleAccessBoundaryRuleArgs

    AvailabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    AvailablePermissions List<string>
    A list of permissions that may be allowed for use on the specified resource.
    AvailableResource string
    The full resource name of a Google Cloud resource entity.
    AvailabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    AvailablePermissions []string
    A list of permissions that may be allowed for use on the specified resource.
    AvailableResource string
    The full resource name of a Google Cloud resource entity.
    availabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    availablePermissions List<String>
    A list of permissions that may be allowed for use on the specified resource.
    availableResource String
    The full resource name of a Google Cloud resource entity.
    availabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    availablePermissions string[]
    A list of permissions that may be allowed for use on the specified resource.
    availableResource string
    The full resource name of a Google Cloud resource entity.
    availability_condition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    available_permissions Sequence[str]
    A list of permissions that may be allowed for use on the specified resource.
    available_resource str
    The full resource name of a Google Cloud resource entity.
    availabilityCondition Property Map
    The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
    availablePermissions List<String>
    A list of permissions that may be allowed for use on the specified resource.
    availableResource String
    The full resource name of a Google Cloud resource entity.

    AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition, AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs

    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    Title string
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    Expression string
    Textual representation of an expression in Common Expression Language syntax.
    Description string
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    Location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    Title string
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    title String
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    expression string
    Textual representation of an expression in Common Expression Language syntax.
    description string
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    location string
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    title string
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    expression str
    Textual representation of an expression in Common Expression Language syntax.
    description str
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    location str
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    title str
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
    expression String
    Textual representation of an expression in Common Expression Language syntax.
    description String
    Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
    location String
    String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.


    title String
    Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

    Import

    AccessBoundaryPolicy can be imported using any of these accepted formats:

    • {{parent}}/{{name}}

    When using the pulumi import command, AccessBoundaryPolicy can be imported using one of the formats above. For example:

    $ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi