Google Cloud (GCP) Classic

v6.44.0 published on Tuesday, Nov 29, 2022 by Pulumi

getIAMPolicy

Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform IAM resources, such as the gcp.projects.IAMPolicy resource.

Note: Please review the documentation of the resource that you will be using the datasource with. Some resources such as gcp.projects.IAMPolicy and others have limitations in their API methods which are noted on their respective page.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    auditConfigs: [{
        auditLogConfigs: [
            {
                exemptedMembers: ["user:you@domain.com"],
                logType: "DATA_READ",
            },
            {
                logType: "DATA_WRITE",
            },
            {
                logType: "ADMIN_READ",
            },
        ],
        service: "cloudkms.googleapis.com",
    }],
    bindings: [
        {
            members: ["serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"],
            role: "roles/compute.instanceAdmin",
        },
        {
            members: ["user:alice@gmail.com"],
            role: "roles/storage.objectViewer",
        },
    ],
}));
import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(audit_configs=[gcp.organizations.GetIAMPolicyAuditConfigArgs(
        audit_log_configs=[
            gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(
                exempted_members=["user:you@domain.com"],
                log_type="DATA_READ",
            ),
            gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(
                log_type="DATA_WRITE",
            ),
            gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(
                log_type="ADMIN_READ",
            ),
        ],
        service="cloudkms.googleapis.com",
    )],
    bindings=[
        gcp.organizations.GetIAMPolicyBindingArgs(
            members=["serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"],
            role="roles/compute.instanceAdmin",
        ),
        gcp.organizations.GetIAMPolicyBindingArgs(
            members=["user:alice@gmail.com"],
            role="roles/storage.objectViewer",
        ),
    ])
using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
    {
        AuditConfigs = new[]
        {
            new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigInputArgs
            {
                AuditLogConfigs = new[]
                {
                    new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
                    {
                        ExemptedMembers = new[]
                        {
                            "user:you@domain.com",
                        },
                        LogType = "DATA_READ",
                    },
                    new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
                    {
                        LogType = "DATA_WRITE",
                    },
                    new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
                    {
                        LogType = "ADMIN_READ",
                    },
                },
                Service = "cloudkms.googleapis.com",
            },
        },
        Bindings = new[]
        {
            new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
            {
                Members = new[]
                {
                    "serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
                },
                Role = "roles/compute.instanceAdmin",
            },
            new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
            {
                Members = new[]
                {
                    "user:alice@gmail.com",
                },
                Role = "roles/storage.objectViewer",
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err = organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			AuditConfigs: []organizations.GetIAMPolicyAuditConfig{
				organizations.GetIAMPolicyAuditConfig{
					AuditLogConfigs: []organizations.GetIAMPolicyAuditConfigAuditLogConfig{
						organizations.GetIAMPolicyAuditConfigAuditLogConfig{
							ExemptedMembers: []string{
								"user:you@domain.com",
							},
							LogType: "DATA_READ",
						},
						organizations.GetIAMPolicyAuditConfigAuditLogConfig{
							LogType: "DATA_WRITE",
						},
						organizations.GetIAMPolicyAuditConfigAuditLogConfig{
							LogType: "ADMIN_READ",
						},
					},
					Service: "cloudkms.googleapis.com",
				},
			},
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Members: []string{
						"serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
					},
					Role: "roles/compute.instanceAdmin",
				},
				organizations.GetIAMPolicyBinding{
					Members: []string{
						"user:alice@gmail.com",
					},
					Role: "roles/storage.objectViewer",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
            .auditConfigs(GetIAMPolicyAuditConfigArgs.builder()
                .auditLogConfigs(                
                    GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                        .exemptedMembers("user:you@domain.com")
                        .logType("DATA_READ")
                        .build(),
                    GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                        .logType("DATA_WRITE")
                        .build(),
                    GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                        .logType("ADMIN_READ")
                        .build())
                .service("cloudkms.googleapis.com")
                .build())
            .bindings(            
                GetIAMPolicyBindingArgs.builder()
                    .members("serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com")
                    .role("roles/compute.instanceAdmin")
                    .build(),
                GetIAMPolicyBindingArgs.builder()
                    .members("user:alice@gmail.com")
                    .role("roles/storage.objectViewer")
                    .build())
            .build());

    }
}
variables:
  admin:
    fn::invoke:
      Function: gcp:organizations:getIAMPolicy
      Arguments:
        auditConfigs:
          - auditLogConfigs:
              - exemptedMembers:
                  - user:you@domain.com
                logType: DATA_READ
              - logType: DATA_WRITE
              - logType: ADMIN_READ
            service: cloudkms.googleapis.com
        bindings:
          - members:
              - serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com
            role: roles/compute.instanceAdmin
          - members:
              - user:alice@gmail.com
            role: roles/storage.objectViewer

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a datasource and referencing that policy from another resource is the only way to apply an IAM policy to a resource.

Using getIAMPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIAMPolicy(args: GetIAMPolicyArgs, opts?: InvokeOptions): Promise<GetIAMPolicyResult>
function getIAMPolicyOutput(args: GetIAMPolicyOutputArgs, opts?: InvokeOptions): Output<GetIAMPolicyResult>
def get_iam_policy(audit_configs: Optional[Sequence[GetIAMPolicyAuditConfig]] = None,
                   bindings: Optional[Sequence[GetIAMPolicyBinding]] = None,
                   opts: Optional[InvokeOptions] = None) -> GetIAMPolicyResult
def get_iam_policy_output(audit_configs: Optional[pulumi.Input[Sequence[pulumi.Input[GetIAMPolicyAuditConfigArgs]]]] = None,
                   bindings: Optional[pulumi.Input[Sequence[pulumi.Input[GetIAMPolicyBindingArgs]]]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetIAMPolicyResult]
func LookupIAMPolicy(ctx *Context, args *LookupIAMPolicyArgs, opts ...InvokeOption) (*LookupIAMPolicyResult, error)
func LookupIAMPolicyOutput(ctx *Context, args *LookupIAMPolicyOutputArgs, opts ...InvokeOption) LookupIAMPolicyResultOutput

> Note: This function is named LookupIAMPolicy in the Go SDK.

public static class GetIAMPolicy 
{
    public static Task<GetIAMPolicyResult> InvokeAsync(GetIAMPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetIAMPolicyResult> Invoke(GetIAMPolicyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetIAMPolicyResult> getIAMPolicy(GetIAMPolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: gcp:organizations/getIAMPolicy:getIAMPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

AuditConfigs List<GetIAMPolicyAuditConfig>

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

Bindings List<GetIAMPolicyBinding>

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

AuditConfigs []GetIAMPolicyAuditConfig

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

Bindings []GetIAMPolicyBinding

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

auditConfigs List<GetIAMPolicyAuditConfig>

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

bindings List<GetIAMPolicyBinding>

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

auditConfigs GetIAMPolicyAuditConfig[]

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

bindings GetIAMPolicyBinding[]

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

audit_configs Sequence[GetIAMPolicyAuditConfig]

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

bindings Sequence[GetIAMPolicyBinding]

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

auditConfigs List<Property Map>

A nested configuration block that defines logging additional configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

bindings List<Property Map>

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.

getIAMPolicy Result

The following output properties are available:

Id string

The provider-assigned unique ID for this managed resource.

PolicyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

AuditConfigs List<GetIAMPolicyAuditConfig>
Bindings List<GetIAMPolicyBinding>
Id string

The provider-assigned unique ID for this managed resource.

PolicyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

AuditConfigs []GetIAMPolicyAuditConfig
Bindings []GetIAMPolicyBinding
id String

The provider-assigned unique ID for this managed resource.

policyData String

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

auditConfigs List<GetIAMPolicyAuditConfig>
bindings List<GetIAMPolicyBinding>
id string

The provider-assigned unique ID for this managed resource.

policyData string

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

auditConfigs GetIAMPolicyAuditConfig[]
bindings GetIAMPolicyBinding[]
id str

The provider-assigned unique ID for this managed resource.

policy_data str

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

audit_configs Sequence[GetIAMPolicyAuditConfig]
bindings Sequence[GetIAMPolicyBinding]
id String

The provider-assigned unique ID for this managed resource.

policyData String

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

auditConfigs List<Property Map>
bindings List<Property Map>

Supporting Types

GetIAMPolicyAuditConfig

AuditLogConfigs List<GetIAMPolicyAuditConfigAuditLogConfig>

A nested block that defines the operations you'd like to log.

Service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

AuditLogConfigs []GetIAMPolicyAuditConfigAuditLogConfig

A nested block that defines the operations you'd like to log.

Service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

auditLogConfigs List<GetIAMPolicyAuditConfigAuditLogConfig>

A nested block that defines the operations you'd like to log.

service String

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

auditLogConfigs GetIAMPolicyAuditConfigAuditLogConfig[]

A nested block that defines the operations you'd like to log.

service string

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

audit_log_configs Sequence[GetIAMPolicyAuditConfigAuditLogConfig]

A nested block that defines the operations you'd like to log.

service str

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

auditLogConfigs List<Property Map>

A nested block that defines the operations you'd like to log.

service String

Defines a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

GetIAMPolicyAuditConfigAuditLogConfig

LogType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

ExemptedMembers List<string>

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

LogType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

ExemptedMembers []string

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

logType String

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exemptedMembers List<String>

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

logType string

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exemptedMembers string[]

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

log_type str

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exempted_members Sequence[str]

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

logType String

Defines the logging level. DATA_READ, DATA_WRITE and ADMIN_READ capture different types of events. See the audit configuration documentation for more details.

exemptedMembers List<String>

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the members array for binding.

GetIAMPolicyBinding

Members List<string>

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Condition GetIAMPolicyBindingCondition

An IAM Condition for a given binding. Structure is documented below.

Members []string

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

Condition GetIAMPolicyBindingCondition

An IAM Condition for a given binding. Structure is documented below.

members List<String>

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
role String

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition GetIAMPolicyBindingCondition

An IAM Condition for a given binding. Structure is documented below.

members string[]

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
role string

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition GetIAMPolicyBindingCondition

An IAM Condition for a given binding. Structure is documented below.

members Sequence[str]

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
role str

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition GetIAMPolicyBindingCondition

An IAM Condition for a given binding. Structure is documented below.

members List<String>

An array of identities that will be granted the privilege in the role. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources don't support this identity.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources don't support this identity.
  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
role String

The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

condition Property Map

An IAM Condition for a given binding. Structure is documented below.

GetIAMPolicyBindingCondition

Expression string

Textual representation of an expression in Common Expression Language syntax.

Title string

A title for the expression, i.e. a short string describing its purpose.

Description string

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Title string

A title for the expression, i.e. a short string describing its purpose.

Description string

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

title String

A title for the expression, i.e. a short string describing its purpose.

description String

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression string

Textual representation of an expression in Common Expression Language syntax.

title string

A title for the expression, i.e. a short string describing its purpose.

description string

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression str

Textual representation of an expression in Common Expression Language syntax.

title str

A title for the expression, i.e. a short string describing its purpose.

description str

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

expression String

Textual representation of an expression in Common Expression Language syntax.

title String

A title for the expression, i.e. a short string describing its purpose.

description String

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.