gcp.iam.OrganizationsPolicyBinding
Explore with Pulumi AI
A policy binding to an organizations
To get more information about OrganizationsPolicyBinding, see:
- API documentation
- How-to Guides
Example Usage
Iam Organizations Policy Binding
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
organization: "123456789",
location: "global",
displayName: "test org binding",
principalAccessBoundaryPolicyId: "my-pab-policy",
});
const my_org_binding = new gcp.iam.OrganizationsPolicyBinding("my-org-binding", {
organization: "123456789",
location: "global",
displayName: "test org binding",
policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
policyBindingId: "test-org-binding",
policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,
target: {
principalSet: "//cloudresourcemanager.googleapis.com/organizations/123456789",
},
});
import pulumi
import pulumi_gcp as gcp
pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
organization="123456789",
location="global",
display_name="test org binding",
principal_access_boundary_policy_id="my-pab-policy")
my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
organization="123456789",
location="global",
display_name="test org binding",
policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
policy_binding_id="test-org-binding",
policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
target={
"principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
Organization: pulumi.String("123456789"),
Location: pulumi.String("global"),
DisplayName: pulumi.String("test org binding"),
PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
})
if err != nil {
return err
}
_, err = iam.NewOrganizationsPolicyBinding(ctx, "my-org-binding", &iam.OrganizationsPolicyBindingArgs{
Organization: pulumi.String("123456789"),
Location: pulumi.String("global"),
DisplayName: pulumi.String("test org binding"),
PolicyKind: pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
PolicyBindingId: pulumi.String("test-org-binding"),
Policy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {
return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", principalAccessBoundaryPolicyId), nil
}).(pulumi.StringOutput),
Target: &iam.OrganizationsPolicyBindingTargetArgs{
PrincipalSet: pulumi.String("//cloudresourcemanager.googleapis.com/organizations/123456789"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new()
{
Organization = "123456789",
Location = "global",
DisplayName = "test org binding",
PrincipalAccessBoundaryPolicyId = "my-pab-policy",
});
var my_org_binding = new Gcp.Iam.OrganizationsPolicyBinding("my-org-binding", new()
{
Organization = "123456789",
Location = "global",
DisplayName = "test org binding",
PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
PolicyBindingId = "test-org-binding",
Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}"),
Target = new Gcp.Iam.Inputs.OrganizationsPolicyBindingTargetArgs
{
PrincipalSet = "//cloudresourcemanager.googleapis.com/organizations/123456789",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
import com.pulumi.gcp.iam.OrganizationsPolicyBinding;
import com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs;
import com.pulumi.gcp.iam.inputs.OrganizationsPolicyBindingTargetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pabPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
.organization("123456789")
.location("global")
.displayName("test org binding")
.principalAccessBoundaryPolicyId("my-pab-policy")
.build());
var my_org_binding = new OrganizationsPolicyBinding("my-org-binding", OrganizationsPolicyBindingArgs.builder()
.organization("123456789")
.location("global")
.displayName("test org binding")
.policyKind("PRINCIPAL_ACCESS_BOUNDARY")
.policyBindingId("test-org-binding")
.policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", principalAccessBoundaryPolicyId)))
.target(OrganizationsPolicyBindingTargetArgs.builder()
.principalSet("//cloudresourcemanager.googleapis.com/organizations/123456789")
.build())
.build());
}
}
resources:
pabPolicy:
type: gcp:iam:PrincipalAccessBoundaryPolicy
name: pab_policy
properties:
organization: '123456789'
location: global
displayName: test org binding
principalAccessBoundaryPolicyId: my-pab-policy
my-org-binding:
type: gcp:iam:OrganizationsPolicyBinding
properties:
organization: '123456789'
location: global
displayName: test org binding
policyKind: PRINCIPAL_ACCESS_BOUNDARY
policyBindingId: test-org-binding
policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
target:
principalSet: //cloudresourcemanager.googleapis.com/organizations/123456789
Create OrganizationsPolicyBinding Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationsPolicyBinding(name: string, args: OrganizationsPolicyBindingArgs, opts?: CustomResourceOptions);
@overload
def OrganizationsPolicyBinding(resource_name: str,
args: OrganizationsPolicyBindingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationsPolicyBinding(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
organization: Optional[str] = None,
policy: Optional[str] = None,
policy_binding_id: Optional[str] = None,
target: Optional[OrganizationsPolicyBindingTargetArgs] = None,
annotations: Optional[Mapping[str, str]] = None,
condition: Optional[OrganizationsPolicyBindingConditionArgs] = None,
display_name: Optional[str] = None,
policy_kind: Optional[str] = None)
func NewOrganizationsPolicyBinding(ctx *Context, name string, args OrganizationsPolicyBindingArgs, opts ...ResourceOption) (*OrganizationsPolicyBinding, error)
public OrganizationsPolicyBinding(string name, OrganizationsPolicyBindingArgs args, CustomResourceOptions? opts = null)
public OrganizationsPolicyBinding(String name, OrganizationsPolicyBindingArgs args)
public OrganizationsPolicyBinding(String name, OrganizationsPolicyBindingArgs args, CustomResourceOptions options)
type: gcp:iam:OrganizationsPolicyBinding
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationsPolicyBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationsPolicyBindingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationsPolicyBindingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationsPolicyBindingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationsPolicyBindingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationsPolicyBindingResource = new Gcp.Iam.OrganizationsPolicyBinding("organizationsPolicyBindingResource", new()
{
Location = "string",
Organization = "string",
Policy = "string",
PolicyBindingId = "string",
Target = new Gcp.Iam.Inputs.OrganizationsPolicyBindingTargetArgs
{
PrincipalSet = "string",
},
Annotations =
{
{ "string", "string" },
},
Condition = new Gcp.Iam.Inputs.OrganizationsPolicyBindingConditionArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
DisplayName = "string",
PolicyKind = "string",
});
example, err := iam.NewOrganizationsPolicyBinding(ctx, "organizationsPolicyBindingResource", &iam.OrganizationsPolicyBindingArgs{
Location: pulumi.String("string"),
Organization: pulumi.String("string"),
Policy: pulumi.String("string"),
PolicyBindingId: pulumi.String("string"),
Target: &iam.OrganizationsPolicyBindingTargetArgs{
PrincipalSet: pulumi.String("string"),
},
Annotations: pulumi.StringMap{
"string": pulumi.String("string"),
},
Condition: &iam.OrganizationsPolicyBindingConditionArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
PolicyKind: pulumi.String("string"),
})
var organizationsPolicyBindingResource = new OrganizationsPolicyBinding("organizationsPolicyBindingResource", OrganizationsPolicyBindingArgs.builder()
.location("string")
.organization("string")
.policy("string")
.policyBindingId("string")
.target(OrganizationsPolicyBindingTargetArgs.builder()
.principalSet("string")
.build())
.annotations(Map.of("string", "string"))
.condition(OrganizationsPolicyBindingConditionArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.displayName("string")
.policyKind("string")
.build());
organizations_policy_binding_resource = gcp.iam.OrganizationsPolicyBinding("organizationsPolicyBindingResource",
location="string",
organization="string",
policy="string",
policy_binding_id="string",
target={
"principal_set": "string",
},
annotations={
"string": "string",
},
condition={
"description": "string",
"expression": "string",
"location": "string",
"title": "string",
},
display_name="string",
policy_kind="string")
const organizationsPolicyBindingResource = new gcp.iam.OrganizationsPolicyBinding("organizationsPolicyBindingResource", {
location: "string",
organization: "string",
policy: "string",
policyBindingId: "string",
target: {
principalSet: "string",
},
annotations: {
string: "string",
},
condition: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
displayName: "string",
policyKind: "string",
});
type: gcp:iam:OrganizationsPolicyBinding
properties:
annotations:
string: string
condition:
description: string
expression: string
location: string
title: string
displayName: string
location: string
organization: string
policy: string
policyBindingId: string
policyKind: string
target:
principalSet: string
OrganizationsPolicyBinding Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationsPolicyBinding resource accepts the following input properties:
- Location string
- The location of the Policy Binding
- Organization string
- The parent organization of the Policy Binding.
- Policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- Policy
Binding stringId - The Policy Binding ID.
- Target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- Annotations Dictionary<string, string>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- Display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- Policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- Location string
- The location of the Policy Binding
- Organization string
- The parent organization of the Policy Binding.
- Policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- Policy
Binding stringId - The Policy Binding ID.
- Target
Organizations
Policy Binding Target Args - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- Annotations map[string]string
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Condition
Organizations
Policy Binding Condition Args - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- Display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- Policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- location String
- The location of the Policy Binding
- organization String
- The parent organization of the Policy Binding.
- policy String
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding StringId - The Policy Binding ID.
- target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- annotations Map<String,String>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- display
Name String - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- policy
Kind String - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- location string
- The location of the Policy Binding
- organization string
- The parent organization of the Policy Binding.
- policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding stringId - The Policy Binding ID.
- target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- annotations {[key: string]: string}
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- location str
- The location of the Policy Binding
- organization str
- The parent organization of the Policy Binding.
- policy str
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy_
binding_ strid - The Policy Binding ID.
- target
Organizations
Policy Binding Target Args - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- annotations Mapping[str, str]
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition Args - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- display_
name str - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- policy_
kind str - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- location String
- The location of the Policy Binding
- organization String
- The parent organization of the Policy Binding.
- policy String
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding StringId - The Policy Binding ID.
- target Property Map
- Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- annotations Map<String>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition Property Map
- Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- display
Name String - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- policy
Kind String - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationsPolicyBinding resource produces the following output properties:
- Create
Time string - Output only. The time when the policy binding was created.
- Effective
Annotations Dictionary<string, string> - Etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- Policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- Uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- Update
Time string - Output only. The time when the policy binding was most recently updated.
- Create
Time string - Output only. The time when the policy binding was created.
- Effective
Annotations map[string]string - Etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- Policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- Uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- Update
Time string - Output only. The time when the policy binding was most recently updated.
- create
Time String - Output only. The time when the policy binding was created.
- effective
Annotations Map<String,String> - etag String
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- policy
Uid String - Output only. The globally unique ID of the policy to be bound.
- uid String
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time String - Output only. The time when the policy binding was most recently updated.
- create
Time string - Output only. The time when the policy binding was created.
- effective
Annotations {[key: string]: string} - etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time string - Output only. The time when the policy binding was most recently updated.
- create_
time str - Output only. The time when the policy binding was created.
- effective_
annotations Mapping[str, str] - etag str
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- policy_
uid str - Output only. The globally unique ID of the policy to be bound.
- uid str
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update_
time str - Output only. The time when the policy binding was most recently updated.
- create
Time String - Output only. The time when the policy binding was created.
- effective
Annotations Map<String> - etag String
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- policy
Uid String - Output only. The globally unique ID of the policy to be bound.
- uid String
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time String - Output only. The time when the policy binding was most recently updated.
Look up Existing OrganizationsPolicyBinding Resource
Get an existing OrganizationsPolicyBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationsPolicyBindingState, opts?: CustomResourceOptions): OrganizationsPolicyBinding
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
annotations: Optional[Mapping[str, str]] = None,
condition: Optional[OrganizationsPolicyBindingConditionArgs] = None,
create_time: Optional[str] = None,
display_name: Optional[str] = None,
effective_annotations: Optional[Mapping[str, str]] = None,
etag: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
organization: Optional[str] = None,
policy: Optional[str] = None,
policy_binding_id: Optional[str] = None,
policy_kind: Optional[str] = None,
policy_uid: Optional[str] = None,
target: Optional[OrganizationsPolicyBindingTargetArgs] = None,
uid: Optional[str] = None,
update_time: Optional[str] = None) -> OrganizationsPolicyBinding
func GetOrganizationsPolicyBinding(ctx *Context, name string, id IDInput, state *OrganizationsPolicyBindingState, opts ...ResourceOption) (*OrganizationsPolicyBinding, error)
public static OrganizationsPolicyBinding Get(string name, Input<string> id, OrganizationsPolicyBindingState? state, CustomResourceOptions? opts = null)
public static OrganizationsPolicyBinding get(String name, Output<String> id, OrganizationsPolicyBindingState state, CustomResourceOptions options)
resources: _: type: gcp:iam:OrganizationsPolicyBinding get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Annotations Dictionary<string, string>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- Create
Time string - Output only. The time when the policy binding was created.
- Display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- Effective
Annotations Dictionary<string, string> - Etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- Location string
- The location of the Policy Binding
- Name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- Organization string
- The parent organization of the Policy Binding.
- Policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- Policy
Binding stringId - The Policy Binding ID.
- Policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- Policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- Target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- Uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- Update
Time string - Output only. The time when the policy binding was most recently updated.
- Annotations map[string]string
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- Condition
Organizations
Policy Binding Condition Args - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- Create
Time string - Output only. The time when the policy binding was created.
- Display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- Effective
Annotations map[string]string - Etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- Location string
- The location of the Policy Binding
- Name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- Organization string
- The parent organization of the Policy Binding.
- Policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- Policy
Binding stringId - The Policy Binding ID.
- Policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- Policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- Target
Organizations
Policy Binding Target Args - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- Uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- Update
Time string - Output only. The time when the policy binding was most recently updated.
- annotations Map<String,String>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- create
Time String - Output only. The time when the policy binding was created.
- display
Name String - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- effective
Annotations Map<String,String> - etag String
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- location String
- The location of the Policy Binding
- name String
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- organization String
- The parent organization of the Policy Binding.
- policy String
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding StringId - The Policy Binding ID.
- policy
Kind String - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- policy
Uid String - Output only. The globally unique ID of the policy to be bound.
- target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- uid String
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time String - Output only. The time when the policy binding was most recently updated.
- annotations {[key: string]: string}
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- create
Time string - Output only. The time when the policy binding was created.
- display
Name string - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- effective
Annotations {[key: string]: string} - etag string
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- location string
- The location of the Policy Binding
- name string
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- organization string
- The parent organization of the Policy Binding.
- policy string
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding stringId - The Policy Binding ID.
- policy
Kind string - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- policy
Uid string - Output only. The globally unique ID of the policy to be bound.
- target
Organizations
Policy Binding Target - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- uid string
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time string - Output only. The time when the policy binding was most recently updated.
- annotations Mapping[str, str]
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition
Organizations
Policy Binding Condition Args - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- create_
time str - Output only. The time when the policy binding was created.
- display_
name str - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- effective_
annotations Mapping[str, str] - etag str
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- location str
- The location of the Policy Binding
- name str
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- organization str
- The parent organization of the Policy Binding.
- policy str
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy_
binding_ strid - The Policy Binding ID.
- policy_
kind str - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- policy_
uid str - Output only. The globally unique ID of the policy to be bound.
- target
Organizations
Policy Binding Target Args - Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- uid str
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update_
time str - Output only. The time when the policy binding was most recently updated.
- annotations Map<String>
- Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
- condition Property Map
- Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
- create
Time String - Output only. The time when the policy binding was created.
- display
Name String - Optional. The description of the policy binding. Must be less than or equal to 63 characters.
- effective
Annotations Map<String> - etag String
- Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
- location String
- The location of the Policy Binding
- name String
- The name of the policy binding in the format
{binding_parent/locations/{location}/policyBindings/{policy_binding_id}
- organization String
- The parent organization of the Policy Binding.
- policy String
- Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
- policy
Binding StringId - The Policy Binding ID.
- policy
Kind String - Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
- policy
Uid String - Output only. The globally unique ID of the policy to be bound.
- target Property Map
- Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
- uid String
- Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
- update
Time String - Output only. The time when the policy binding was most recently updated.
Supporting Types
OrganizationsPolicyBindingCondition, OrganizationsPolicyBindingConditionArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
OrganizationsPolicyBindingTarget, OrganizationsPolicyBindingTargetArgs
- Principal
Set string - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
- Principal
Set string - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
- principal
Set String - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
- principal
Set string - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
- principal_
set str - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
- principal
Set String - Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).
Import
OrganizationsPolicyBinding can be imported using any of these accepted formats:
organizations/{{organization}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
{{organization}}/{{location}}/{{policy_binding_id}}
When using the pulumi import
command, OrganizationsPolicyBinding can be imported using one of the formats above. For example:
$ pulumi import gcp:iam/organizationsPolicyBinding:OrganizationsPolicyBinding default organizations/{{organization}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
$ pulumi import gcp:iam/organizationsPolicyBinding:OrganizationsPolicyBinding default {{organization}}/{{location}}/{{policy_binding_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.