gcp.iam.AccessBoundaryPolicy
Represents a collection of access boundary policies to apply to a given resource. NOTE: This is a private feature and users should contact GCP support if they would like to test it.
Example Usage
Iam Access Boundary Policy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
// Placeholder project; the org and billing IDs are documentation samples.
// deletionPolicy "DELETE" allows the project to be removed when the stack is
// destroyed (the provider also accepts "PREVENT" and "ABANDON").
const demoProject = new gcp.organizations.Project("project", {
    projectId: "my-project",
    name: "my-project",
    orgId: "123456789",
    billingAccount: "000000-0000000-0000000-000000",
    deletionPolicy: "DELETE",
});

// Organization-level Access Context Manager policy that owns the access level.
const orgAccessPolicy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
    parent: pulumi.interpolate`organizations/${demoProject.orgId}`,
    title: "my policy",
});

const policyPath = pulumi.interpolate`accessPolicies/${orgAccessPolicy.name}`;

// Access level: ChromeOS desktop with screen lock, from CH, IT or US.
// NOTE(review): the level is named "chromeos_no_lock" although it sets
// requireScreenLock: true; confirm which of the two is intended.
const chromeOsLevel = new gcp.accesscontextmanager.AccessLevel("test-access", {
    parent: policyPath,
    name: pulumi.interpolate`${policyPath}/accessLevels/chromeos_no_lock`,
    title: "chromeos_no_lock",
    basic: {
        conditions: [{
            devicePolicy: {
                requireScreenLock: true,
                osConstraints: [{ osType: "DESKTOP_CHROME_OS" }],
            },
            regions: ["CH", "IT", "US"],
        }],
    },
});

// The attachment point must be the URL-encoded full resource name.
const attachmentPoint = std.urlencodeOutput({
    input: pulumi.interpolate`cloudresourcemanager.googleapis.com/projects/${demoProject.projectId}`,
}).apply(encoded => encoded.result);

// CEL expression that ties the rule to the access level above.
const accessLevelCheck =
    pulumi.interpolate`request.matchAccessLevels('${demoProject.orgId}', ['${chromeOsLevel.name}'])`;

// availableResource "*" with availablePermissions ["*"] does not narrow the
// boundary by resource or permission; the availability condition is the only
// constraint this rule applies, so review it as the effective control.
const boundaryPolicy = new gcp.iam.AccessBoundaryPolicy("example", {
    parent: attachmentPoint,
    name: "my-ab-policy",
    displayName: "My AB policy",
    rules: [{
        description: "AB rule",
        accessBoundaryRule: {
            availableResource: "*",
            availablePermissions: ["*"],
            availabilityCondition: {
                title: "Access level expr",
                expression: accessLevelCheck,
            },
        },
    }],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
# Placeholder project; the org and billing IDs are documentation samples.
# deletion_policy "DELETE" allows the project to be removed when the stack is
# destroyed (the provider also accepts "PREVENT" and "ABANDON").
demo_project = gcp.organizations.Project(
    "project",
    project_id="my-project",
    name="my-project",
    org_id="123456789",
    billing_account="000000-0000000-0000000-000000",
    deletion_policy="DELETE",
)

# Organization-level Access Context Manager policy that owns the access level.
org_access_policy = gcp.accesscontextmanager.AccessPolicy(
    "access-policy",
    parent=pulumi.Output.concat("organizations/", demo_project.org_id),
    title="my policy",
)

policy_path = pulumi.Output.concat("accessPolicies/", org_access_policy.name)

# Access level: ChromeOS desktop with screen lock, from CH, IT or US.
# NOTE(review): the level is named "chromeos_no_lock" although it sets
# require_screen_lock to True; confirm which of the two is intended.
chromeos_level = gcp.accesscontextmanager.AccessLevel(
    "test-access",
    parent=policy_path,
    name=pulumi.Output.concat(policy_path, "/accessLevels/chromeos_no_lock"),
    title="chromeos_no_lock",
    basic={
        "conditions": [{
            "device_policy": {
                "require_screen_lock": True,
                "os_constraints": [{"os_type": "DESKTOP_CHROME_OS"}],
            },
            "regions": ["CH", "IT", "US"],
        }],
    },
)

# The attachment point must be the URL-encoded full resource name.
attachment_point = std.urlencode_output(
    input=pulumi.Output.concat(
        "cloudresourcemanager.googleapis.com/projects/", demo_project.project_id
    )
).apply(lambda encoded: encoded.result)

# CEL expression that ties the rule to the access level above.
access_level_check = pulumi.Output.all(
    demo_project.org_id, chromeos_level.name
).apply(lambda pair: f"request.matchAccessLevels('{pair[0]}', ['{pair[1]}'])")

# available_resource "*" with available_permissions ["*"] does not narrow the
# boundary by resource or permission; the availability condition is the only
# constraint this rule applies, so review it as the effective control.
boundary_policy = gcp.iam.AccessBoundaryPolicy(
    "example",
    parent=attachment_point,
    name="my-ab-policy",
    display_name="My AB policy",
    rules=[{
        "description": "AB rule",
        "access_boundary_rule": {
            "available_resource": "*",
            "available_permissions": ["*"],
            "availability_condition": {
                "title": "Access level expr",
                "expression": access_level_check,
            },
        },
    }],
)
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
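// main declares a project, an Access Context Manager policy and access level,
// and an IAM access boundary policy whose single rule is conditioned on that
// access level. All identifiers are documentation placeholders.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// DeletionPolicy "DELETE" allows the project to be removed when the
		// stack is destroyed (the provider also accepts "PREVENT" and "ABANDON").
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("my-project"),
			Name:           pulumi.String("my-project"),
			OrgId:          pulumi.String("123456789"),
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}

		// Keep the handle: the access level below is built from the policy name.
		accessPolicy, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
			Parent: project.OrgId.ApplyT(func(orgId *string) (string, error) {
				// Dereference the pointer; formatting it directly would
				// print an address instead of the organization id.
				if orgId == nil {
					return "", fmt.Errorf("project org id is unset")
				}
				return fmt.Sprintf("organizations/%v", *orgId), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("my policy"),
		})
		if err != nil {
			return err
		}

		// Access level: ChromeOS desktop with screen lock, from CH, IT or US.
		// NOTE(review): the level is named "chromeos_no_lock" although it sets
		// RequireScreenLock to true; confirm which of the two is intended.
		testAccess, err := accesscontextmanager.NewAccessLevel(ctx, "test-access", &accesscontextmanager.AccessLevelArgs{
			Parent: accessPolicy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v", name), nil
			}).(pulumi.StringOutput),
			Name: accessPolicy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("chromeos_no_lock"),
			Basic: &accesscontextmanager.AccessLevelBasicArgs{
				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
					&accesscontextmanager.AccessLevelBasicConditionArgs{
						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
							RequireScreenLock: pulumi.Bool(true),
							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
									OsType: pulumi.String("DESKTOP_CHROME_OS"),
								},
							},
						},
						Regions: pulumi.StringArray{
							pulumi.String("CH"),
							pulumi.String("IT"),
							pulumi.String("US"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}

		// AvailableResource "*" with AvailablePermissions "*" does not narrow
		// the boundary by resource or permission; the availability condition
		// is the only constraint this rule applies, so review it as the
		// effective control.
		_, err = iam.NewAccessBoundaryPolicy(ctx, "example", &iam.AccessBoundaryPolicyArgs{
			// The attachment point must be the URL-encoded full resource name.
			// The output is passed as-is; wrapping it in pulumi.String(...)
			// is a conversion from a plain string and does not apply here.
			// NOTE(review): assumes std.UrlencodeResult.Result is a plain
			// string; confirm against the pulumi-std SDK version in use.
			Parent: std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
				}).(pulumi.StringOutput),
			}, nil).ApplyT(func(invoke std.UrlencodeResult) (string, error) {
				return invoke.Result, nil
			}).(pulumi.StringOutput),
			Name:        pulumi.String("my-ab-policy"),
			DisplayName: pulumi.String("My AB policy"),
			Rules: iam.AccessBoundaryPolicyRuleArray{
				&iam.AccessBoundaryPolicyRuleArgs{
					Description: pulumi.String("AB rule"),
					AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
						AvailableResource: pulumi.String("*"),
						AvailablePermissions: pulumi.StringArray{
							pulumi.String("*"),
						},
						AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
							Title: pulumi.String("Access level expr"),
							Expression: pulumi.All(project.OrgId, testAccess.Name).ApplyT(func(_args []interface{}) (string, error) {
								orgId := _args[0].(*string)
								name := _args[1].(string)
								// A pointer formatted with %v would put an
								// address into the CEL expression, so the
								// condition would never name the real org.
								if orgId == nil {
									return "", fmt.Errorf("project org id is unset")
								}
								return fmt.Sprintf("request.matchAccessLevels('%v', ['%v'])", *orgId, name), nil
							}).(pulumi.StringOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}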
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
    // Placeholder project; the org and billing IDs are documentation samples.
    // DeletionPolicy "DELETE" allows the project to be removed when the stack
    // is destroyed (the provider also accepts "PREVENT" and "ABANDON").
    var demoProject = new Gcp.Organizations.Project("project", new()
    {
        ProjectId = "my-project",
        Name = "my-project",
        OrgId = "123456789",
        BillingAccount = "000000-0000000-0000000-000000",
        DeletionPolicy = "DELETE",
    });

    // Organization-level Access Context Manager policy that owns the access level.
    var orgAccessPolicy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
    {
        Parent = demoProject.OrgId.Apply(id => $"organizations/{id}"),
        Title = "my policy",
    });

    var policyPath = orgAccessPolicy.Name.Apply(policyName => $"accessPolicies/{policyName}");

    // Access level: ChromeOS desktop with screen lock, from CH, IT or US.
    // NOTE(review): the level is named "chromeos_no_lock" although it sets
    // RequireScreenLock to true; confirm which of the two is intended.
    var chromeOsLevel = new Gcp.AccessContextManager.AccessLevel("test-access", new()
    {
        Parent = policyPath,
        Name = policyPath.Apply(path => $"{path}/accessLevels/chromeos_no_lock"),
        Title = "chromeos_no_lock",
        Basic = new Gcp.AccessContextManager.Inputs.AccessLevelBasicArgs
        {
            Conditions = new[]
            {
                new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionArgs
                {
                    DevicePolicy = new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyArgs
                    {
                        RequireScreenLock = true,
                        OsConstraints = new[]
                        {
                            new Gcp.AccessContextManager.Inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs
                            {
                                OsType = "DESKTOP_CHROME_OS",
                            },
                        },
                    },
                    Regions = new[] { "CH", "IT", "US" },
                },
            },
        },
    });

    // The attachment point must be the URL-encoded full resource name.
    var attachmentPoint = Std.Urlencode.Invoke(new()
    {
        Input = demoProject.ProjectId.Apply(id => $"cloudresourcemanager.googleapis.com/projects/{id}"),
    }).Apply(encoded => encoded.Result);

    // CEL expression that ties the rule to the access level above.
    var accessLevelCheck = Output.Tuple(demoProject.OrgId, chromeOsLevel.Name)
        .Apply(pair => $"request.matchAccessLevels('{pair.Item1}', ['{pair.Item2}'])");

    // AvailableResource "*" with AvailablePermissions "*" does not narrow the
    // boundary by resource or permission; the availability condition is the
    // only constraint this rule applies, so review it as the effective control.
    var boundaryPolicy = new Gcp.Iam.AccessBoundaryPolicy("example", new()
    {
        Parent = attachmentPoint,
        Name = "my-ab-policy",
        DisplayName = "My AB policy",
        Rules = new[]
        {
            new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs
            {
                Description = "AB rule",
                AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
                {
                    AvailableResource = "*",
                    AvailablePermissions = new[] { "*" },
                    AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
                    {
                        Title = "Access level expr",
                        Expression = accessLevelCheck,
                    },
                },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.accesscontextmanager.AccessLevel;
import com.pulumi.gcp.accesscontextmanager.AccessLevelArgs;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicConditionArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicConditionDevicePolicyArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.AccessLevelBasicConditionDevicePolicyOsConstraintArgs;
import com.pulumi.gcp.iam.AccessBoundaryPolicy;
import com.pulumi.gcp.iam.AccessBoundaryPolicyArgs;
import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs;
import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs;
import com.pulumi.gcp.iam.inputs.AccessBoundaryPolicyRuleArgs;
import com.pulumi.gcp.organizations.Project;
import com.pulumi.gcp.organizations.ProjectArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.UrlencodeArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
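/**
 * Declares a project, an Access Context Manager policy and access level, and
 * an IAM access boundary policy whose single rule is conditioned on that
 * access level. All identifiers are documentation placeholders.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the example resources with the Pulumi engine.
     *
     * @param ctx the deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // deletionPolicy "DELETE" allows the project to be removed when the
        // stack is destroyed (the provider also accepts "PREVENT" and "ABANDON").
        var project = new Project("project", ProjectArgs.builder()
            .projectId("my-project")
            .name("my-project")
            .orgId("123456789")
            .billingAccount("000000-0000000-0000000-000000")
            .deletionPolicy("DELETE")
            .build());

        // NOTE(review): if orgId() resolves to an Optional, "%s" renders it as
        // "Optional[...]"; confirm the type and unwrap it before formatting.
        var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
            .parent(project.orgId().applyValue(orgId -> String.format("organizations/%s", orgId)))
            .title("my policy")
            .build());

        // Access level: ChromeOS desktop with screen lock, from CH, IT or US.
        // NOTE(review): the level is named "chromeos_no_lock" although it sets
        // requireScreenLock(true); confirm which of the two is intended.
        var test_access = new AccessLevel("test-access", AccessLevelArgs.builder()
            .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
            .name(access_policy.name().applyValue(name -> String.format("accessPolicies/%s/accessLevels/chromeos_no_lock", name)))
            .title("chromeos_no_lock")
            .basic(AccessLevelBasicArgs.builder()
                .conditions(AccessLevelBasicConditionArgs.builder()
                    .devicePolicy(AccessLevelBasicConditionDevicePolicyArgs.builder()
                        .requireScreenLock(true)
                        .osConstraints(AccessLevelBasicConditionDevicePolicyOsConstraintArgs.builder()
                            .osType("DESKTOP_CHROME_OS")
                            .build())
                        .build())
                    .regions(
                        "CH",
                        "IT",
                        "US")
                    .build())
                .build())
            .build());

        // The attachment point must be the URL-encoded full resource name of
        // the project; urlencode needs that name as its input, otherwise the
        // policy has no defined parent.
        var attachmentPoint = StdFunctions.urlencode(UrlencodeArgs.builder()
                .input(project.projectId().applyValue(projectId ->
                    String.format("cloudresourcemanager.googleapis.com/projects/%s", projectId)))
                .build())
            .applyValue(invoke -> invoke.result());

        // availableResource "*" with availablePermissions "*" does not narrow
        // the boundary by resource or permission; the availability condition
        // is the only constraint this rule applies, so review it as the
        // effective control.
        var example = new AccessBoundaryPolicy("example", AccessBoundaryPolicyArgs.builder()
            .parent(attachmentPoint)
            .name("my-ab-policy")
            .displayName("My AB policy")
            .rules(AccessBoundaryPolicyRuleArgs.builder()
                .description("AB rule")
                .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()
                    .availableResource("*")
                    .availablePermissions("*")
                    .availabilityCondition(AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()
                        .title("Access level expr")
                        .expression(Output.tuple(project.orgId(), test_access.name()).applyValue(values -> {
                            var orgId = values.t1;
                            var name = values.t2;
                            return String.format("request.matchAccessLevels('%s', ['%s'])", orgId, name);
                        }))
                        .build())
                    .build())
                .build())
            .build());
    }
}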
resources:
  # Placeholder project; the org and billing IDs are documentation samples.
  # deletionPolicy DELETE allows the project to be removed when the stack is
  # destroyed (the provider also accepts PREVENT and ABANDON).
  project:
    type: gcp:organizations:Project
    properties:
      projectId: my-project
      name: my-project
      orgId: '123456789'
      billingAccount: 000000-0000000-0000000-000000
      deletionPolicy: DELETE

  # Organization-level Access Context Manager policy that owns the access level.
  access-policy:
    type: gcp:accesscontextmanager:AccessPolicy
    properties:
      parent: organizations/${project.orgId}
      title: my policy

  # Access level: ChromeOS desktop with screen lock, from CH, IT or US.
  # NOTE(review): the level is named chromeos_no_lock although it sets
  # requireScreenLock: true; confirm which of the two is intended.
  test-access:
    type: gcp:accesscontextmanager:AccessLevel
    properties:
      parent: accessPolicies/${["access-policy"].name}
      name: accessPolicies/${["access-policy"].name}/accessLevels/chromeos_no_lock
      title: chromeos_no_lock
      basic:
        conditions:
          - devicePolicy:
              requireScreenLock: true
              osConstraints:
                - osType: DESKTOP_CHROME_OS
            regions:
              - CH
              - IT
              - US

  # availableResource '*' with availablePermissions '*' does not narrow the
  # boundary by resource or permission; the availability condition is the only
  # constraint this rule applies, so review it as the effective control.
  example:
    type: gcp:iam:AccessBoundaryPolicy
    properties:
      # The attachment point must be the URL-encoded full resource name.
      parent:
        fn::invoke:
          Function: std:urlencode
          Arguments:
            input: cloudresourcemanager.googleapis.com/projects/${project.projectId}
          Return: result
      name: my-ab-policy
      displayName: My AB policy
      rules:
        - description: AB rule
          accessBoundaryRule:
            availableResource: '*'
            availablePermissions:
              - '*'
            availabilityCondition:
              title: Access level expr
              expression: request.matchAccessLevels('${project.orgId}', ['${["test-access"].name}'])
Create AccessBoundaryPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessBoundaryPolicy(name: string, args: AccessBoundaryPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessBoundaryPolicy(resource_name: str,
args: AccessBoundaryPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessBoundaryPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
parent: Optional[str] = None,
rules: Optional[Sequence[AccessBoundaryPolicyRuleArgs]] = None,
display_name: Optional[str] = None,
name: Optional[str] = None)
func NewAccessBoundaryPolicy(ctx *Context, name string, args AccessBoundaryPolicyArgs, opts ...ResourceOption) (*AccessBoundaryPolicy, error)
public AccessBoundaryPolicy(string name, AccessBoundaryPolicyArgs args, CustomResourceOptions? opts = null)
public AccessBoundaryPolicy(String name, AccessBoundaryPolicyArgs args)
public AccessBoundaryPolicy(String name, AccessBoundaryPolicyArgs args, CustomResourceOptions options)
type: gcp:iam:AccessBoundaryPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessBoundaryPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessBoundaryPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessBoundaryPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessBoundaryPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessBoundaryPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every "string" is a type placeholder, not a usable value.
// Parent is the URL-encoded full resource name of the attachment point.
var boundaryPolicyTemplate = new Gcp.Iam.AccessBoundaryPolicy("accessBoundaryPolicyResource", new()
{
    Parent = "string",
    Rules = new[]
    {
        new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleArgs
        {
            AccessBoundaryRule = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
            {
                // Expression is written in Common Expression Language (CEL).
                AvailabilityCondition = new Gcp.Iam.Inputs.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
                {
                    Expression = "string",
                    Description = "string",
                    Location = "string",
                    Title = "string",
                },
                AvailablePermissions = new[] { "string" },
                AvailableResource = "string",
            },
            Description = "string",
        },
    },
    DisplayName = "string",
    Name = "string",
});
// Reference shape only: every "string" is a type placeholder, not a usable value.
// Parent is the URL-encoded full resource name of the attachment point.
example, err := iam.NewAccessBoundaryPolicy(ctx, "accessBoundaryPolicyResource", &iam.AccessBoundaryPolicyArgs{
	Parent: pulumi.String("string"),
	Rules: iam.AccessBoundaryPolicyRuleArray{
		&iam.AccessBoundaryPolicyRuleArgs{
			AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
				// Expression is written in Common Expression Language (CEL).
				AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
					Expression:  pulumi.String("string"),
					Description: pulumi.String("string"),
					Location:    pulumi.String("string"),
					Title:       pulumi.String("string"),
				},
				AvailablePermissions: pulumi.StringArray{pulumi.String("string")},
				AvailableResource:    pulumi.String("string"),
			},
			Description: pulumi.String("string"),
		},
	},
	DisplayName: pulumi.String("string"),
	Name:        pulumi.String("string"),
})
// Reference shape only: every "string" is a type placeholder, not a usable value.
// parent is the URL-encoded full resource name of the attachment point.
var conditionTemplate = AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.builder()
    .expression("string") // Common Expression Language (CEL)
    .description("string")
    .location("string")
    .title("string")
    .build();

var ruleTemplate = AccessBoundaryPolicyRuleArgs.builder()
    .accessBoundaryRule(AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.builder()
        .availabilityCondition(conditionTemplate)
        .availablePermissions("string")
        .availableResource("string")
        .build())
    .description("string")
    .build();

var accessBoundaryPolicyResource = new AccessBoundaryPolicy("accessBoundaryPolicyResource", AccessBoundaryPolicyArgs.builder()
    .parent("string")
    .rules(ruleTemplate)
    .displayName("string")
    .name("string")
    .build());
# Reference shape only: every "string" is a type placeholder, not a usable value.
# parent is the URL-encoded full resource name of the attachment point.
condition_template = {
    "expression": "string",  # Common Expression Language (CEL)
    "description": "string",
    "location": "string",
    "title": "string",
}

rule_template = {
    "access_boundary_rule": {
        "availability_condition": condition_template,
        "available_permissions": ["string"],
        "available_resource": "string",
    },
    "description": "string",
}

access_boundary_policy_resource = gcp.iam.AccessBoundaryPolicy(
    "accessBoundaryPolicyResource",
    parent="string",
    rules=[rule_template],
    display_name="string",
    name="string",
)
// Reference shape only: every "string" is a type placeholder, not a usable value.
// parent is the URL-encoded full resource name of the attachment point.
const conditionTemplate = {
    expression: "string", // Common Expression Language (CEL)
    description: "string",
    location: "string",
    title: "string",
};

const ruleTemplate = {
    accessBoundaryRule: {
        availabilityCondition: conditionTemplate,
        availablePermissions: ["string"],
        availableResource: "string",
    },
    description: "string",
};

const accessBoundaryPolicyResource = new gcp.iam.AccessBoundaryPolicy("accessBoundaryPolicyResource", {
    parent: "string",
    rules: [ruleTemplate],
    displayName: "string",
    name: "string",
});
# Reference shape only: every "string" is a type placeholder, not a usable value.
type: gcp:iam:AccessBoundaryPolicy
properties:
  displayName: string
  name: string
  # URL-encoded full resource name of the attachment point.
  parent: string
  rules:
    - accessBoundaryRule:
        availabilityCondition:
          description: string
          # Common Expression Language (CEL) expression.
          expression: string
          location: string
          title: string
        availablePermissions:
          - string
        availableResource: string
      description: string
AccessBoundaryPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessBoundaryPolicy resource accepts the following input properties:
- Parent string
- The attachment point is identified by its URL-encoded full resource name.
- Rules
List<Access
Boundary Policy Rule> - Rules to be applied. Structure is documented below.
- Display
Name string - The display name of the rule.
- Name string
- The name of the policy.
- Parent string
- The attachment point is identified by its URL-encoded full resource name.
- Rules
[]Access
Boundary Policy Rule Args - Rules to be applied. Structure is documented below.
- Display
Name string - The display name of the rule.
- Name string
- The name of the policy.
- parent String
- The attachment point is identified by its URL-encoded full resource name.
- rules
List<Access
Boundary Policy Rule> - Rules to be applied. Structure is documented below.
- display
Name String - The display name of the rule.
- name String
- The name of the policy.
- parent string
- The attachment point is identified by its URL-encoded full resource name.
- rules
Access
Boundary Policy Rule[] - Rules to be applied. Structure is documented below.
- display
Name string - The display name of the rule.
- name string
- The name of the policy.
- parent str
- The attachment point is identified by its URL-encoded full resource name.
- rules
Sequence[Access
Boundary Policy Rule Args] - Rules to be applied. Structure is documented below.
- display_
name str - The display name of the rule.
- name str
- The name of the policy.
- parent String
- The attachment point is identified by its URL-encoded full resource name.
- rules List<Property Map>
- Rules to be applied. Structure is documented below.
- display
Name String - The display name of the rule.
- name String
- The name of the policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessBoundaryPolicy resource produces the following output properties:
Look up Existing AccessBoundaryPolicy Resource
Get an existing AccessBoundaryPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessBoundaryPolicyState, opts?: CustomResourceOptions): AccessBoundaryPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
etag: Optional[str] = None,
name: Optional[str] = None,
parent: Optional[str] = None,
rules: Optional[Sequence[AccessBoundaryPolicyRuleArgs]] = None) -> AccessBoundaryPolicy
func GetAccessBoundaryPolicy(ctx *Context, name string, id IDInput, state *AccessBoundaryPolicyState, opts ...ResourceOption) (*AccessBoundaryPolicy, error)
public static AccessBoundaryPolicy Get(string name, Input<string> id, AccessBoundaryPolicyState? state, CustomResourceOptions? opts = null)
public static AccessBoundaryPolicy get(String name, Output<String> id, AccessBoundaryPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string - The display name of the rule.
- Etag string
- The hash of the resource. Used internally during updates.
- Name string
- The name of the policy.
- Parent string
- The attachment point is identified by its URL-encoded full resource name.
- Rules
List<Access
Boundary Policy Rule> - Rules to be applied. Structure is documented below.
- Display
Name string - The display name of the rule.
- Etag string
- The hash of the resource. Used internally during updates.
- Name string
- The name of the policy.
- Parent string
- The attachment point is identified by its URL-encoded full resource name.
- Rules
[]Access
Boundary Policy Rule Args - Rules to be applied. Structure is documented below.
- display
Name String - The display name of the rule.
- etag String
- The hash of the resource. Used internally during updates.
- name String
- The name of the policy.
- parent String
- The attachment point is identified by its URL-encoded full resource name.
- rules
List<Access
Boundary Policy Rule> - Rules to be applied. Structure is documented below.
- display
Name string - The display name of the rule.
- etag string
- The hash of the resource. Used internally during updates.
- name string
- The name of the policy.
- parent string
- The attachment point is identified by its URL-encoded full resource name.
- rules
Access
Boundary Policy Rule[] - Rules to be applied. Structure is documented below.
- display_
name str - The display name of the rule.
- etag str
- The hash of the resource. Used internally during updates.
- name str
- The name of the policy.
- parent str
- The attachment point is identified by its URL-encoded full resource name.
- rules
Sequence[Access
Boundary Policy Rule Args] - Rules to be applied. Structure is documented below.
- display
Name String - The display name of the rule.
- etag String
- The hash of the resource. Used internally during updates.
- name String
- The name of the policy.
- parent String
- The attachment point is identified by its URL-encoded full resource name.
- rules List<Property Map>
- Rules to be applied. Structure is documented below.
Supporting Types
AccessBoundaryPolicyRule, AccessBoundaryPolicyRuleArgs
- Access
Boundary AccessRule Boundary Policy Rule Access Boundary Rule - An access boundary rule in an IAM policy. Structure is documented below.
- Description string
- The description of the rule.
- Access
Boundary AccessRule Boundary Policy Rule Access Boundary Rule - An access boundary rule in an IAM policy. Structure is documented below.
- Description string
- The description of the rule.
- access
Boundary AccessRule Boundary Policy Rule Access Boundary Rule - An access boundary rule in an IAM policy. Structure is documented below.
- description String
- The description of the rule.
- access
Boundary AccessRule Boundary Policy Rule Access Boundary Rule - An access boundary rule in an IAM policy. Structure is documented below.
- description string
- The description of the rule.
- access_
boundary_ Accessrule Boundary Policy Rule Access Boundary Rule - An access boundary rule in an IAM policy. Structure is documented below.
- description str
- The description of the rule.
- access
Boundary Property MapRule - An access boundary rule in an IAM policy. Structure is documented below.
- description String
- The description of the rule.
AccessBoundaryPolicyRuleAccessBoundaryRule, AccessBoundaryPolicyRuleAccessBoundaryRuleArgs
- Availability
Condition AccessBoundary Policy Rule Access Boundary Rule Availability Condition - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- Available
Permissions List<string> - A list of permissions that may be allowed for use on the specified resource.
- Available
Resource string - The full resource name of a Google Cloud resource entity.
- Availability
Condition AccessBoundary Policy Rule Access Boundary Rule Availability Condition - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- Available
Permissions []string - A list of permissions that may be allowed for use on the specified resource.
- Available
Resource string - The full resource name of a Google Cloud resource entity.
- availability
Condition AccessBoundary Policy Rule Access Boundary Rule Availability Condition - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- available
Permissions List<String> - A list of permissions that may be allowed for use on the specified resource.
- available
Resource String - The full resource name of a Google Cloud resource entity.
- availability
Condition AccessBoundary Policy Rule Access Boundary Rule Availability Condition - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- available
Permissions string[] - A list of permissions that may be allowed for use on the specified resource.
- available
Resource string - The full resource name of a Google Cloud resource entity.
- availability_
condition AccessBoundary Policy Rule Access Boundary Rule Availability Condition - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- available_
permissions Sequence[str] - A list of permissions that may be allowed for use on the specified resource.
- available_
resource str - The full resource name of a Google Cloud resource entity.
- availability
Condition Property Map - The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.
- available
Permissions List<String> - A list of permissions that may be allowed for use on the specified resource.
- available
Resource String - The full resource name of a Google Cloud resource entity.
AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition, AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Location string
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- Title string
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Location string
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- Title string
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location String
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- title String
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location string
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- title string
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location str
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- title str
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- location String
- String indicating the location of the expression for error reporting,
e.g. a file name and a position in the file.
- title String
- Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Import
AccessBoundaryPolicy can be imported using any of these accepted formats:
{{parent}}/{{name}}
When using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `google-beta` Terraform Provider.