Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.gameservices/v1.GameServerDeploymentIamPolicy
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist
on Google Cloud even though it will be deleted from Pulumi state.
Create GameServerDeploymentIamPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GameServerDeploymentIamPolicy(name: string, args: GameServerDeploymentIamPolicyArgs, opts?: CustomResourceOptions);
@overload
def GameServerDeploymentIamPolicy(resource_name: str,
args: GameServerDeploymentIamPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GameServerDeploymentIamPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
game_server_deployment_id: Optional[str] = None,
audit_configs: Optional[Sequence[AuditConfigArgs]] = None,
bindings: Optional[Sequence[BindingArgs]] = None,
etag: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
rules: Optional[Sequence[RuleArgs]] = None,
update_mask: Optional[str] = None,
version: Optional[int] = None)
func NewGameServerDeploymentIamPolicy(ctx *Context, name string, args GameServerDeploymentIamPolicyArgs, opts ...ResourceOption) (*GameServerDeploymentIamPolicy, error)
public GameServerDeploymentIamPolicy(string name, GameServerDeploymentIamPolicyArgs args, CustomResourceOptions? opts = null)
public GameServerDeploymentIamPolicy(String name, GameServerDeploymentIamPolicyArgs args)
public GameServerDeploymentIamPolicy(String name, GameServerDeploymentIamPolicyArgs args, CustomResourceOptions options)
type: google-native:gameservices/v1:GameServerDeploymentIamPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GameServerDeploymentIamPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GameServerDeploymentIamPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GameServerDeploymentIamPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GameServerDeploymentIamPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GameServerDeploymentIamPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gameServerDeploymentIamPolicyResource = new GoogleNative.GameServices.V1.GameServerDeploymentIamPolicy("gameServerDeploymentIamPolicyResource", new()
{
GameServerDeploymentId = "string",
AuditConfigs = new[]
{
new GoogleNative.GameServices.V1.Inputs.AuditConfigArgs
{
AuditLogConfigs = new[]
{
new GoogleNative.GameServices.V1.Inputs.AuditLogConfigArgs
{
ExemptedMembers = new[]
{
"string",
},
IgnoreChildExemptions = false,
LogType = GoogleNative.GameServices.V1.AuditLogConfigLogType.LogTypeUnspecified,
},
},
Service = "string",
},
},
Bindings = new[]
{
new GoogleNative.GameServices.V1.Inputs.BindingArgs
{
BindingId = "string",
Condition = new GoogleNative.GameServices.V1.Inputs.ExprArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
Members = new[]
{
"string",
},
Role = "string",
},
},
Etag = "string",
Location = "string",
Project = "string",
Rules = new[]
{
new GoogleNative.GameServices.V1.Inputs.RuleArgs
{
Action = GoogleNative.GameServices.V1.RuleAction.NoAction,
Conditions = new[]
{
new GoogleNative.GameServices.V1.Inputs.ConditionArgs
{
Iam = GoogleNative.GameServices.V1.ConditionIam.NoAttr,
Op = GoogleNative.GameServices.V1.ConditionOp.NoOp,
Svc = "string",
Sys = GoogleNative.GameServices.V1.ConditionSys.NoAttr,
Values = new[]
{
"string",
},
},
},
Description = "string",
In = new[]
{
"string",
},
LogConfig = new[]
{
new GoogleNative.GameServices.V1.Inputs.LogConfigArgs
{
CloudAudit = new GoogleNative.GameServices.V1.Inputs.CloudAuditOptionsArgs
{
AuthorizationLoggingOptions = new GoogleNative.GameServices.V1.Inputs.AuthorizationLoggingOptionsArgs
{
PermissionType = GoogleNative.GameServices.V1.AuthorizationLoggingOptionsPermissionType.PermissionTypeUnspecified,
},
LogName = GoogleNative.GameServices.V1.CloudAuditOptionsLogName.UnspecifiedLogName,
},
Counter = new GoogleNative.GameServices.V1.Inputs.CounterOptionsArgs
{
CustomFields = new[]
{
new GoogleNative.GameServices.V1.Inputs.CustomFieldArgs
{
Name = "string",
Value = "string",
},
},
Field = "string",
Metric = "string",
},
DataAccess = new GoogleNative.GameServices.V1.Inputs.DataAccessOptionsArgs
{
LogMode = GoogleNative.GameServices.V1.DataAccessOptionsLogMode.LogModeUnspecified,
},
},
},
NotIn = new[]
{
"string",
},
Permissions = new[]
{
"string",
},
},
},
UpdateMask = "string",
Version = 0,
});
example, err := gameservices.NewGameServerDeploymentIamPolicy(ctx, "gameServerDeploymentIamPolicyResource", &gameservices.GameServerDeploymentIamPolicyArgs{
GameServerDeploymentId: pulumi.String("string"),
AuditConfigs: gameservices.AuditConfigArray{
&gameservices.AuditConfigArgs{
AuditLogConfigs: gameservices.AuditLogConfigArray{
&gameservices.AuditLogConfigArgs{
ExemptedMembers: pulumi.StringArray{
pulumi.String("string"),
},
IgnoreChildExemptions: pulumi.Bool(false),
LogType: gameservices.AuditLogConfigLogTypeLogTypeUnspecified,
},
},
Service: pulumi.String("string"),
},
},
Bindings: gameservices.BindingArray{
&gameservices.BindingArgs{
BindingId: pulumi.String("string"),
Condition: &gameservices.ExprArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
Members: pulumi.StringArray{
pulumi.String("string"),
},
Role: pulumi.String("string"),
},
},
Etag: pulumi.String("string"),
Location: pulumi.String("string"),
Project: pulumi.String("string"),
Rules: gameservices.RuleArray{
&gameservices.RuleArgs{
Action: gameservices.RuleActionNoAction,
Conditions: gameservices.ConditionArray{
&gameservices.ConditionArgs{
Iam: gameservices.ConditionIamNoAttr,
Op: gameservices.ConditionOpNoOp,
Svc: pulumi.String("string"),
Sys: gameservices.ConditionSysNoAttr,
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
In: pulumi.StringArray{
pulumi.String("string"),
},
LogConfig: gameservices.LogConfigArray{
&gameservices.LogConfigArgs{
CloudAudit: &gameservices.CloudAuditOptionsArgs{
AuthorizationLoggingOptions: &gameservices.AuthorizationLoggingOptionsArgs{
PermissionType: gameservices.AuthorizationLoggingOptionsPermissionTypePermissionTypeUnspecified,
},
LogName: gameservices.CloudAuditOptionsLogNameUnspecifiedLogName,
},
Counter: &gameservices.CounterOptionsArgs{
CustomFields: gameservices.CustomFieldArray{
&gameservices.CustomFieldArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Field: pulumi.String("string"),
Metric: pulumi.String("string"),
},
DataAccess: &gameservices.DataAccessOptionsArgs{
LogMode: gameservices.DataAccessOptionsLogModeLogModeUnspecified,
},
},
},
NotIn: pulumi.StringArray{
pulumi.String("string"),
},
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
UpdateMask: pulumi.String("string"),
Version: pulumi.Int(0),
})
var gameServerDeploymentIamPolicyResource = new GameServerDeploymentIamPolicy("gameServerDeploymentIamPolicyResource", GameServerDeploymentIamPolicyArgs.builder()
.gameServerDeploymentId("string")
.auditConfigs(AuditConfigArgs.builder()
.auditLogConfigs(AuditLogConfigArgs.builder()
.exemptedMembers("string")
.ignoreChildExemptions(false)
.logType("LOG_TYPE_UNSPECIFIED")
.build())
.service("string")
.build())
.bindings(BindingArgs.builder()
.bindingId("string")
.condition(ExprArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.members("string")
.role("string")
.build())
.etag("string")
.location("string")
.project("string")
.rules(RuleArgs.builder()
.action("NO_ACTION")
.conditions(ConditionArgs.builder()
.iam("NO_ATTR")
.op("NO_OP")
.svc("string")
.sys("NO_ATTR")
.values("string")
.build())
.description("string")
.in("string")
.logConfig(LogConfigArgs.builder()
.cloudAudit(CloudAuditOptionsArgs.builder()
.authorizationLoggingOptions(AuthorizationLoggingOptionsArgs.builder()
.permissionType("PERMISSION_TYPE_UNSPECIFIED")
.build())
.logName("UNSPECIFIED_LOG_NAME")
.build())
.counter(CounterOptionsArgs.builder()
.customFields(CustomFieldArgs.builder()
.name("string")
.value("string")
.build())
.field("string")
.metric("string")
.build())
.dataAccess(DataAccessOptionsArgs.builder()
.logMode("LOG_MODE_UNSPECIFIED")
.build())
.build())
.notIn("string")
.permissions("string")
.build())
.updateMask("string")
.version(0)
.build());
game_server_deployment_iam_policy_resource = google_native.gameservices.v1.GameServerDeploymentIamPolicy("gameServerDeploymentIamPolicyResource",
game_server_deployment_id="string",
audit_configs=[{
"audit_log_configs": [{
"exempted_members": ["string"],
"ignore_child_exemptions": False,
"log_type": google_native.gameservices.v1.AuditLogConfigLogType.LOG_TYPE_UNSPECIFIED,
}],
"service": "string",
}],
bindings=[{
"binding_id": "string",
"condition": {
"description": "string",
"expression": "string",
"location": "string",
"title": "string",
},
"members": ["string"],
"role": "string",
}],
etag="string",
location="string",
project="string",
rules=[{
"action": google_native.gameservices.v1.RuleAction.NO_ACTION,
"conditions": [{
"iam": google_native.gameservices.v1.ConditionIam.NO_ATTR,
"op": google_native.gameservices.v1.ConditionOp.NO_OP,
"svc": "string",
"sys": google_native.gameservices.v1.ConditionSys.NO_ATTR,
"values": ["string"],
}],
"description": "string",
"in_": ["string"],
"log_config": [{
"cloud_audit": {
"authorization_logging_options": {
"permission_type": google_native.gameservices.v1.AuthorizationLoggingOptionsPermissionType.PERMISSION_TYPE_UNSPECIFIED,
},
"log_name": google_native.gameservices.v1.CloudAuditOptionsLogName.UNSPECIFIED_LOG_NAME,
},
"counter": {
"custom_fields": [{
"name": "string",
"value": "string",
}],
"field": "string",
"metric": "string",
},
"data_access": {
"log_mode": google_native.gameservices.v1.DataAccessOptionsLogMode.LOG_MODE_UNSPECIFIED,
},
}],
"not_in": ["string"],
"permissions": ["string"],
}],
update_mask="string",
version=0)
const gameServerDeploymentIamPolicyResource = new google_native.gameservices.v1.GameServerDeploymentIamPolicy("gameServerDeploymentIamPolicyResource", {
gameServerDeploymentId: "string",
auditConfigs: [{
auditLogConfigs: [{
exemptedMembers: ["string"],
ignoreChildExemptions: false,
logType: google_native.gameservices.v1.AuditLogConfigLogType.LogTypeUnspecified,
}],
service: "string",
}],
bindings: [{
bindingId: "string",
condition: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
members: ["string"],
role: "string",
}],
etag: "string",
location: "string",
project: "string",
rules: [{
action: google_native.gameservices.v1.RuleAction.NoAction,
conditions: [{
iam: google_native.gameservices.v1.ConditionIam.NoAttr,
op: google_native.gameservices.v1.ConditionOp.NoOp,
svc: "string",
sys: google_native.gameservices.v1.ConditionSys.NoAttr,
values: ["string"],
}],
description: "string",
"in": ["string"],
logConfig: [{
cloudAudit: {
authorizationLoggingOptions: {
permissionType: google_native.gameservices.v1.AuthorizationLoggingOptionsPermissionType.PermissionTypeUnspecified,
},
logName: google_native.gameservices.v1.CloudAuditOptionsLogName.UnspecifiedLogName,
},
counter: {
customFields: [{
name: "string",
value: "string",
}],
field: "string",
metric: "string",
},
dataAccess: {
logMode: google_native.gameservices.v1.DataAccessOptionsLogMode.LogModeUnspecified,
},
}],
notIn: ["string"],
permissions: ["string"],
}],
updateMask: "string",
version: 0,
});
type: google-native:gameservices/v1:GameServerDeploymentIamPolicy
properties:
auditConfigs:
- auditLogConfigs:
- exemptedMembers:
- string
ignoreChildExemptions: false
logType: LOG_TYPE_UNSPECIFIED
service: string
bindings:
- bindingId: string
condition:
description: string
expression: string
location: string
title: string
members:
- string
role: string
etag: string
gameServerDeploymentId: string
location: string
project: string
rules:
- action: NO_ACTION
conditions:
- iam: NO_ATTR
op: NO_OP
svc: string
sys: NO_ATTR
values:
- string
description: string
in:
- string
logConfig:
- cloudAudit:
authorizationLoggingOptions:
permissionType: PERMISSION_TYPE_UNSPECIFIED
logName: UNSPECIFIED_LOG_NAME
counter:
customFields:
- name: string
value: string
field: string
metric: string
dataAccess:
logMode: LOG_MODE_UNSPECIFIED
notIn:
- string
permissions:
- string
updateMask: string
version: 0
GameServerDeploymentIamPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GameServerDeploymentIamPolicy resource accepts the following input properties:
- Game
Server stringDeployment Id - Audit
Configs List<Pulumi.Google Native. Game Services. V1. Inputs. Audit Config> - Specifies cloud audit logging configuration for this policy.
- Bindings
List<Pulumi.
Google Native. Game Services. V1. Inputs. Binding> - Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - Etag string
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- Location string
- Project string
- Rules
List<Pulumi.
Google Native. Game Services. V1. Inputs. Rule> - If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- Update
Mask string - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- Version int
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- Game
Server stringDeployment Id - Audit
Configs []AuditConfig Args - Specifies cloud audit logging configuration for this policy.
- Bindings
[]Binding
Args - Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - Etag string
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- Location string
- Project string
- Rules
[]Rule
Args - If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- Update
Mask string - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- Version int
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- game
Server StringDeployment Id - audit
Configs List<AuditConfig> - Specifies cloud audit logging configuration for this policy.
- bindings List<Binding>
- Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - etag String
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- location String
- project String
- rules List<Rule>
- If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- update
Mask String - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- version Integer
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- game
Server stringDeployment Id - audit
Configs AuditConfig[] - Specifies cloud audit logging configuration for this policy.
- bindings Binding[]
- Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - etag string
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- location string
- project string
- rules Rule[]
- If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- update
Mask string - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- version number
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- game_
server_ strdeployment_ id - audit_
configs Sequence[AuditConfig Args] - Specifies cloud audit logging configuration for this policy.
- bindings
Sequence[Binding
Args] - Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - etag str
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- location str
- project str
- rules
Sequence[Rule
Args] - If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- update_
mask str - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- version int
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
- game
Server StringDeployment Id - audit
Configs List<Property Map> - Specifies cloud audit logging configuration for this policy.
- bindings List<Property Map>
- Associates a list of
members
, or principals, with arole
. Optionally, may specify acondition
that determines how and when thebindings
are applied. Each of thebindings
must contain at least one principal. Thebindings
in aPolicy
can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if thebindings
grant 50 different roles touser:alice@example.com
, and not to any other principal, then you can add another 1,450 principals to thebindings
in thePolicy
. - etag String
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost.- location String
- project String
- rules List<Property Map>
- If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
- update
Mask String - OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
paths: "bindings, etag"
- version Number
- Specifies the format of the policy. Valid values are
0
,1
, and3
. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version3
. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include theetag
field whenever you callsetIamPolicy
. If you omit this field, then IAM allows you to overwrite a version3
policy with a version1
policy, and all of the conditions in the version3
policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Outputs
All input properties are implicitly available as output properties. Additionally, the GameServerDeploymentIamPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
AuditConfig, AuditConfigArgs
- Audit
Log List<Pulumi.Configs Google Native. Game Services. V1. Inputs. Audit Log Config> - The configuration for logging of each type of permission.
- Service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- Audit
Log []AuditConfigs Log Config - The configuration for logging of each type of permission.
- Service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log List<AuditConfigs Log Config> - The configuration for logging of each type of permission.
- service String
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log AuditConfigs Log Config[] - The configuration for logging of each type of permission.
- service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit_
log_ Sequence[Auditconfigs Log Config] - The configuration for logging of each type of permission.
- service str
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log List<Property Map>Configs - The configuration for logging of each type of permission.
- service String
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
AuditConfigResponse, AuditConfigResponseArgs
- Audit
Log List<Pulumi.Configs Google Native. Game Services. V1. Inputs. Audit Log Config Response> - The configuration for logging of each type of permission.
- Service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- Audit
Log []AuditConfigs Log Config Response - The configuration for logging of each type of permission.
- Service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log List<AuditConfigs Log Config Response> - The configuration for logging of each type of permission.
- service String
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log AuditConfigs Log Config Response[] - The configuration for logging of each type of permission.
- service string
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit_
log_ Sequence[Auditconfigs Log Config Response] - The configuration for logging of each type of permission.
- service str
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
- audit
Log List<Property Map>Configs - The configuration for logging of each type of permission.
- service String
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.
AuditLogConfig, AuditLogConfigArgs
- Exempted
Members List<string> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- Ignore
Child boolExemptions - Log
Type Pulumi.Google Native. Game Services. V1. Audit Log Config Log Type - The log type that this config enables.
- Exempted
Members []string - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- Ignore
Child boolExemptions - Log
Type AuditLog Config Log Type - The log type that this config enables.
- exempted
Members List<String> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child BooleanExemptions - log
Type AuditLog Config Log Type - The log type that this config enables.
- exempted
Members string[] - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child booleanExemptions - log
Type AuditLog Config Log Type - The log type that this config enables.
- exempted_
members Sequence[str] - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore_
child_ boolexemptions - log_
type AuditLog Config Log Type - The log type that this config enables.
- exempted
Members List<String> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child BooleanExemptions - log
Type "LOG_TYPE_UNSPECIFIED" | "ADMIN_READ" | "DATA_WRITE" | "DATA_READ" - The log type that this config enables.
AuditLogConfigLogType, AuditLogConfigLogTypeArgs
- Log
Type Unspecified - LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- Admin
Read - ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- Data
Write - DATA_WRITEData writes. Example: CloudSQL Users create
- Data
Read - DATA_READData reads. Example: CloudSQL Users list
- Audit
Log Config Log Type Log Type Unspecified - LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- Audit
Log Config Log Type Admin Read - ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- Audit
Log Config Log Type Data Write - DATA_WRITEData writes. Example: CloudSQL Users create
- Audit
Log Config Log Type Data Read - DATA_READData reads. Example: CloudSQL Users list
- Log
Type Unspecified - LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- Admin
Read - ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- Data
Write - DATA_WRITEData writes. Example: CloudSQL Users create
- Data
Read - DATA_READData reads. Example: CloudSQL Users list
- Log
Type Unspecified - LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- Admin
Read - ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- Data
Write - DATA_WRITEData writes. Example: CloudSQL Users create
- Data
Read - DATA_READData reads. Example: CloudSQL Users list
- LOG_TYPE_UNSPECIFIED
- LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- ADMIN_READ
- ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- DATA_WRITE
- DATA_WRITEData writes. Example: CloudSQL Users create
- DATA_READ
- DATA_READData reads. Example: CloudSQL Users list
- "LOG_TYPE_UNSPECIFIED"
- LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
- "ADMIN_READ"
- ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
- "DATA_WRITE"
- DATA_WRITEData writes. Example: CloudSQL Users create
- "DATA_READ"
- DATA_READData reads. Example: CloudSQL Users list
AuditLogConfigResponse, AuditLogConfigResponseArgs
- Exempted
Members List<string> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- Ignore
Child boolExemptions - Log
Type string - The log type that this config enables.
- Exempted
Members []string - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- Ignore
Child boolExemptions - Log
Type string - The log type that this config enables.
- exempted
Members List<String> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child BooleanExemptions - log
Type String - The log type that this config enables.
- exempted
Members string[] - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child booleanExemptions - log
Type string - The log type that this config enables.
- exempted_
members Sequence[str] - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore_
child_ boolexemptions - log_
type str - The log type that this config enables.
- exempted
Members List<String> - Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
- ignore
Child BooleanExemptions - log
Type String - The log type that this config enables.
AuthorizationLoggingOptions, AuthorizationLoggingOptionsArgs
- Permission
Type Pulumi.Google Native. Game Services. V1. Authorization Logging Options Permission Type - The type of the permission that was checked.
- Permission
Type AuthorizationLogging Options Permission Type - The type of the permission that was checked.
- permission
Type AuthorizationLogging Options Permission Type - The type of the permission that was checked.
- permission
Type AuthorizationLogging Options Permission Type - The type of the permission that was checked.
- permission_
type AuthorizationLogging Options Permission Type - The type of the permission that was checked.
- permission
Type "PERMISSION_TYPE_UNSPECIFIED" | "ADMIN_READ" | "ADMIN_WRITE" | "DATA_READ" | "DATA_WRITE" - The type of the permission that was checked.
AuthorizationLoggingOptionsPermissionType, AuthorizationLoggingOptionsPermissionTypeArgs
- Permission
Type Unspecified - PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- Admin
Read - ADMIN_READA read of admin (meta) data.
- Admin
Write - ADMIN_WRITEA write of admin (meta) data.
- Data
Read - DATA_READA read of standard data.
- Data
Write - DATA_WRITEA write of standard data.
- Authorization
Logging Options Permission Type Permission Type Unspecified - PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- Authorization
Logging Options Permission Type Admin Read - ADMIN_READA read of admin (meta) data.
- Authorization
Logging Options Permission Type Admin Write - ADMIN_WRITEA write of admin (meta) data.
- Authorization
Logging Options Permission Type Data Read - DATA_READA read of standard data.
- Authorization
Logging Options Permission Type Data Write - DATA_WRITEA write of standard data.
- Permission
Type Unspecified - PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- Admin
Read - ADMIN_READA read of admin (meta) data.
- Admin
Write - ADMIN_WRITEA write of admin (meta) data.
- Data
Read - DATA_READA read of standard data.
- Data
Write - DATA_WRITEA write of standard data.
- Permission
Type Unspecified - PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- Admin
Read - ADMIN_READA read of admin (meta) data.
- Admin
Write - ADMIN_WRITEA write of admin (meta) data.
- Data
Read - DATA_READA read of standard data.
- Data
Write - DATA_WRITEA write of standard data.
- PERMISSION_TYPE_UNSPECIFIED
- PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- ADMIN_READ
- ADMIN_READA read of admin (meta) data.
- ADMIN_WRITE
- ADMIN_WRITEA write of admin (meta) data.
- DATA_READ
- DATA_READA read of standard data.
- DATA_WRITE
- DATA_WRITEA write of standard data.
- "PERMISSION_TYPE_UNSPECIFIED"
- PERMISSION_TYPE_UNSPECIFIEDDefault. Should not be used.
- "ADMIN_READ"
- ADMIN_READA read of admin (meta) data.
- "ADMIN_WRITE"
- ADMIN_WRITEA write of admin (meta) data.
- "DATA_READ"
- DATA_READA read of standard data.
- "DATA_WRITE"
- DATA_WRITEA write of standard data.
AuthorizationLoggingOptionsResponse, AuthorizationLoggingOptionsResponseArgs
- Permission
Type string - The type of the permission that was checked.
- Permission
Type string - The type of the permission that was checked.
- permission
Type String - The type of the permission that was checked.
- permission
Type string - The type of the permission that was checked.
- permission_
type str - The type of the permission that was checked.
- permission
Type String - The type of the permission that was checked.
Binding, BindingArgs
- Binding
Id string - Condition
Pulumi.
Google Native. Game Services. V1. Inputs. Expr - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - Members List<string>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - Role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- Binding
Id string - Condition Expr
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - Members []string
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - Role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id String - condition Expr
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members List<String>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role String
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id string - condition Expr
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members string[]
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding_
id str - condition Expr
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members Sequence[str]
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role str
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id String - condition Property Map
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members List<String>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role String
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
BindingResponse, BindingResponseArgs
- Binding
Id string - Condition
Pulumi.
Google Native. Game Services. V1. Inputs. Expr Response - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - Members List<string>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - Role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- Binding
Id string - Condition
Expr
Response - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - Members []string
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - Role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id String - condition
Expr
Response - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members List<String>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role String
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id string - condition
Expr
Response - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members string[]
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role string
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding_
id str - condition
Expr
Response - The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members Sequence[str]
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role str
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
- binding
Id String - condition Property Map
- The condition that is associated with this binding. If the condition evaluates to
true
, then this binding applies to the current request. If the condition evaluates tofalse
, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. - members List<String>
- Specifies the principals requesting access for a Google Cloud resource.
members
can have the following values: *allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. *allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. *user:{emailid}
: An email address that represents a specific Google account. For example,alice@example.com
. *serviceAccount:{emailid}
: An email address that represents a Google service account. For example,my-other-app@appspot.gserviceaccount.com
. *serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]
: An identifier for a Kubernetes service account. For example,my-project.svc.id.goog[my-namespace/my-kubernetes-sa]
. *group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. *domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
. *deleted:user:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:{emailid}
and the recovered user retains the role in the binding. *deleted:serviceAccount:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:{emailid}
and the undeleted service account retains the role in the binding. *deleted:group:{emailid}?uid={uniqueid}
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:{emailid}
and the recovered group retains the role in the binding. - role String
- Role that is assigned to the list of
members
, or principals. For example,roles/viewer
,roles/editor
, orroles/owner
.
CloudAuditOptions, CloudAuditOptionsArgs
- Pulumi.
Google Native. Game Services. V1. Inputs. Authorization Logging Options - Information used by the Cloud Audit Logging pipeline.
- Log
Name Pulumi.Google Native. Game Services. V1. Cloud Audit Options Log Name - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options - Information used by the Cloud Audit Logging pipeline.
- Log
Name CloudAudit Options Log Name - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options - Information used by the Cloud Audit Logging pipeline.
- log
Name CloudAudit Options Log Name - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options - Information used by the Cloud Audit Logging pipeline.
- log
Name CloudAudit Options Log Name - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options - Information used by the Cloud Audit Logging pipeline.
- log_
name CloudAudit Options Log Name - The log_name to populate in the Cloud Audit Record.
- Property Map
- Information used by the Cloud Audit Logging pipeline.
- log
Name "UNSPECIFIED_LOG_NAME" | "ADMIN_ACTIVITY" | "DATA_ACCESS" - The log_name to populate in the Cloud Audit Record.
CloudAuditOptionsLogName, CloudAuditOptionsLogNameArgs
- Unspecified
Log Name - UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- Admin
Activity - ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- Data
Access - DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
- Cloud
Audit Options Log Name Unspecified Log Name - UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- Cloud
Audit Options Log Name Admin Activity - ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- Cloud
Audit Options Log Name Data Access - DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
- Unspecified
Log Name - UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- Admin
Activity - ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- Data
Access - DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
- Unspecified
Log Name - UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- Admin
Activity - ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- Data
Access - DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
- UNSPECIFIED_LOG_NAME
- UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- ADMIN_ACTIVITY
- ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- DATA_ACCESS
- DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
- "UNSPECIFIED_LOG_NAME"
- UNSPECIFIED_LOG_NAMEDefault. Should not be used.
- "ADMIN_ACTIVITY"
- ADMIN_ACTIVITYCorresponds to "cloudaudit.googleapis.com/activity"
- "DATA_ACCESS"
- DATA_ACCESSCorresponds to "cloudaudit.googleapis.com/data_access"
CloudAuditOptionsResponse, CloudAuditOptionsResponseArgs
- Pulumi.
Google Native. Game Services. V1. Inputs. Authorization Logging Options Response - Information used by the Cloud Audit Logging pipeline.
- Log
Name string - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options Response - Information used by the Cloud Audit Logging pipeline.
- Log
Name string - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options Response - Information used by the Cloud Audit Logging pipeline.
- log
Name String - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options Response - Information used by the Cloud Audit Logging pipeline.
- log
Name string - The log_name to populate in the Cloud Audit Record.
- Authorization
Logging Options Response - Information used by the Cloud Audit Logging pipeline.
- log_
name str - The log_name to populate in the Cloud Audit Record.
- Property Map
- Information used by the Cloud Audit Logging pipeline.
- log
Name String - The log_name to populate in the Cloud Audit Record.
Condition, ConditionArgs
- Iam
Pulumi.
Google Native. Game Services. V1. Condition Iam - Trusted attributes supplied by the IAM system.
- Op
Pulumi.
Google Native. Game Services. V1. Condition Op - An operator to apply the subject with.
- Svc string
- Trusted attributes discharged by the service.
- Sys
Pulumi.
Google Native. Game Services. V1. Condition Sys - Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- Values List<string>
- The objects of the condition.
- Iam
Condition
Iam - Trusted attributes supplied by the IAM system.
- Op
Condition
Op - An operator to apply the subject with.
- Svc string
- Trusted attributes discharged by the service.
- Sys
Condition
Sys - Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- Values []string
- The objects of the condition.
- iam
Condition
Iam - Trusted attributes supplied by the IAM system.
- op
Condition
Op - An operator to apply the subject with.
- svc String
- Trusted attributes discharged by the service.
- sys
Condition
Sys - Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values List<String>
- The objects of the condition.
- iam
Condition
Iam - Trusted attributes supplied by the IAM system.
- op
Condition
Op - An operator to apply the subject with.
- svc string
- Trusted attributes discharged by the service.
- sys
Condition
Sys - Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values string[]
- The objects of the condition.
- iam
Condition
Iam - Trusted attributes supplied by the IAM system.
- op
Condition
Op - An operator to apply the subject with.
- svc str
- Trusted attributes discharged by the service.
- sys
Condition
Sys - Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values Sequence[str]
- The objects of the condition.
- iam "NO_ATTR" | "AUTHORITY" | "ATTRIBUTION" | "SECURITY_REALM" | "APPROVER" | "JUSTIFICATION_TYPE" | "CREDENTIALS_TYPE" | "CREDS_ASSERTION"
- Trusted attributes supplied by the IAM system.
- op "NO_OP" | "EQUALS" | "NOT_EQUALS" | "IN" | "NOT_IN" | "DISCHARGED"
- An operator to apply the subject with.
- svc String
- Trusted attributes discharged by the service.
- sys "NO_ATTR" | "REGION" | "SERVICE" | "NAME" | "IP"
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values List<String>
- The objects of the condition.
ConditionIam, ConditionIamArgs
- No
Attr - NO_ATTRDefault non-attribute.
- Authority
- AUTHORITYEither principal or (if present) authority selector.
- Attribution
- ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- Security
Realm - SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Approver
- APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- Justification
Type - JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- Credentials
Type - CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Creds
Assertion - CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Condition
Iam No Attr - NO_ATTRDefault non-attribute.
- Condition
Iam Authority - AUTHORITYEither principal or (if present) authority selector.
- Condition
Iam Attribution - ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- Condition
Iam Security Realm - SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Condition
Iam Approver - APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- Condition
Iam Justification Type - JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- Condition
Iam Credentials Type - CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Condition
Iam Creds Assertion - CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- No
Attr - NO_ATTRDefault non-attribute.
- Authority
- AUTHORITYEither principal or (if present) authority selector.
- Attribution
- ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- Security
Realm - SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Approver
- APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- Justification
Type - JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- Credentials
Type - CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Creds
Assertion - CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- No
Attr - NO_ATTRDefault non-attribute.
- Authority
- AUTHORITYEither principal or (if present) authority selector.
- Attribution
- ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- Security
Realm - SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Approver
- APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- Justification
Type - JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- Credentials
Type - CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- Creds
Assertion - CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- NO_ATTR
- NO_ATTRDefault non-attribute.
- AUTHORITY
- AUTHORITYEither principal or (if present) authority selector.
- ATTRIBUTION
- ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- SECURITY_REALM
- SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- APPROVER
- APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- JUSTIFICATION_TYPE
- JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- CREDENTIALS_TYPE
- CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- CREDS_ASSERTION
- CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- "NO_ATTR"
- NO_ATTRDefault non-attribute.
- "AUTHORITY"
- AUTHORITYEither principal or (if present) authority selector.
- "ATTRIBUTION"
- ATTRIBUTIONThe principal (even if an authority selector is present), which must only be used for attribution, not authorization.
- "SECURITY_REALM"
- SECURITY_REALMAny of the security realms in the IAMContext (go/security-realms). When used with IN, the condition indicates "any of the request's realms match one of the given values; with NOT_IN, "none of the realms match any of the given values". Note that a value can be: - 'self:campus' (i.e., clients that are in the same campus) - 'self:metro' (i.e., clients that are in the same metro) - 'self:cloud-region' (i.e., allow connections from clients that are in the same cloud region) - 'self:prod-region' (i.e., allow connections from clients that are in the same prod region) - 'guardians' (i.e., allow connections from its guardian realms. See go/security-realms-glossary#guardian for more information.) - 'self' [DEPRECATED] (i.e., allow connections from clients that are in the same security realm, which is currently but not guaranteed to be campus-sized) - a realm (e.g., 'campus-abc') - a realm group (e.g., 'realms-for-borg-cell-xx', see: go/realm-groups) A match is determined by a realm group membership check performed by a RealmAclRep object (go/realm-acl-howto). It is not permitted to grant access based on the absence of a realm, so realm conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- "APPROVER"
- APPROVERAn approver (distinct from the requester) that has authorized this request. When used with IN, the condition indicates that one of the approvers associated with the request matches the specified principal, or is a member of the specified group. Approvers can only grant additional access, and are thus only used in a strictly positive context (e.g. ALLOW/IN or DENY/NOT_IN).
- "JUSTIFICATION_TYPE"
- JUSTIFICATION_TYPEWhat types of justifications have been supplied with this request. String values should match enum names from security.credentials.JustificationType, e.g. "MANUAL_STRING". It is not permitted to grant access based on the absence of a justification, so justification conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN). Multiple justifications, e.g., a Buganizer ID and a manually-entered reason, are normal and supported.
- "CREDENTIALS_TYPE"
- CREDENTIALS_TYPEWhat type of credentials have been supplied with this request. String values should match enum names from security_loas_l2.CredentialsType - currently, only CREDS_TYPE_EMERGENCY is supported. It is not permitted to grant access based on the absence of a credentials type, so the conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
- "CREDS_ASSERTION"
- CREDS_ASSERTIONEXPERIMENTAL -- DO NOT USE. The conditions can only be used in a "positive" context (e.g., ALLOW/IN or DENY/NOT_IN).
ConditionOp, ConditionOpArgs
- No
Op - NO_OPDefault no-op.
- Equals
Value - EQUALSDEPRECATED. Use IN instead.
- Not
Equals - NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- In
- INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- Not
In - NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- Discharged
- DISCHARGEDSubject is discharged
- Condition
Op No Op - NO_OPDefault no-op.
- Condition
Op Equals - EQUALSDEPRECATED. Use IN instead.
- Condition
Op Not Equals - NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- Condition
Op In - INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- Condition
Op Not In - NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- Condition
Op Discharged - DISCHARGEDSubject is discharged
- No
Op - NO_OPDefault no-op.
- Equals
- EQUALSDEPRECATED. Use IN instead.
- Not
Equals - NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- In
- INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- Not
In - NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- Discharged
- DISCHARGEDSubject is discharged
- No
Op - NO_OPDefault no-op.
- Equals
- EQUALSDEPRECATED. Use IN instead.
- Not
Equals - NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- In
- INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- Not
In - NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- Discharged
- DISCHARGEDSubject is discharged
- NO_OP
- NO_OPDefault no-op.
- EQUALS
- EQUALSDEPRECATED. Use IN instead.
- NOT_EQUALS
- NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- IN_
- INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- NOT_IN
- NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- DISCHARGED
- DISCHARGEDSubject is discharged
- "NO_OP"
- NO_OPDefault no-op.
- "EQUALS"
- EQUALSDEPRECATED. Use IN instead.
- "NOT_EQUALS"
- NOT_EQUALSDEPRECATED. Use NOT_IN instead.
- "IN"
- INThe condition is true if the subject (or any element of it if it is a set) matches any of the supplied values.
- "NOT_IN"
- NOT_INThe condition is true if the subject (or every element of it if it is a set) matches none of the supplied values.
- "DISCHARGED"
- DISCHARGEDSubject is discharged
ConditionResponse, ConditionResponseArgs
- Iam string
- Trusted attributes supplied by the IAM system.
- Op string
- An operator to apply the subject with.
- Svc string
- Trusted attributes discharged by the service.
- Sys string
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- Values List<string>
- The objects of the condition.
- Iam string
- Trusted attributes supplied by the IAM system.
- Op string
- An operator to apply the subject with.
- Svc string
- Trusted attributes discharged by the service.
- Sys string
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- Values []string
- The objects of the condition.
- iam String
- Trusted attributes supplied by the IAM system.
- op String
- An operator to apply the subject with.
- svc String
- Trusted attributes discharged by the service.
- sys String
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values List<String>
- The objects of the condition.
- iam string
- Trusted attributes supplied by the IAM system.
- op string
- An operator to apply the subject with.
- svc string
- Trusted attributes discharged by the service.
- sys string
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values string[]
- The objects of the condition.
- iam str
- Trusted attributes supplied by the IAM system.
- op str
- An operator to apply the subject with.
- svc str
- Trusted attributes discharged by the service.
- sys str
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values Sequence[str]
- The objects of the condition.
- iam String
- Trusted attributes supplied by the IAM system.
- op String
- An operator to apply the subject with.
- svc String
- Trusted attributes discharged by the service.
- sys String
- Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- values List<String>
- The objects of the condition.
ConditionSys, ConditionSysArgs
- No
Attr - NO_ATTRDefault non-attribute type
- Region
- REGIONRegion of the resource
- Service
- SERVICEService name
- Name
- NAMEResource name
- Ip
- IPIP address of the caller
- Condition
Sys No Attr - NO_ATTRDefault non-attribute type
- Condition
Sys Region - REGIONRegion of the resource
- Condition
Sys Service - SERVICEService name
- Condition
Sys Name - NAMEResource name
- Condition
Sys Ip - IPIP address of the caller
- No
Attr - NO_ATTRDefault non-attribute type
- Region
- REGIONRegion of the resource
- Service
- SERVICEService name
- Name
- NAMEResource name
- Ip
- IPIP address of the caller
- No
Attr - NO_ATTRDefault non-attribute type
- Region
- REGIONRegion of the resource
- Service
- SERVICEService name
- Name
- NAMEResource name
- Ip
- IPIP address of the caller
- NO_ATTR
- NO_ATTRDefault non-attribute type
- REGION
- REGIONRegion of the resource
- SERVICE
- SERVICEService name
- NAME
- NAMEResource name
- IP
- IPIP address of the caller
- "NO_ATTR"
- NO_ATTRDefault non-attribute type
- "REGION"
- REGIONRegion of the resource
- "SERVICE"
- SERVICEService name
- "NAME"
- NAMEResource name
- "IP"
- IPIP address of the caller
CounterOptions, CounterOptionsArgs
- Custom
Fields List<Pulumi.Google Native. Game Services. V1. Inputs. Custom Field> - Custom fields.
- Field string
- The field value to attribute.
- Metric string
- The metric to update.
- Custom
Fields []CustomField - Custom fields.
- Field string
- The field value to attribute.
- Metric string
- The metric to update.
- custom
Fields List<CustomField> - Custom fields.
- field String
- The field value to attribute.
- metric String
- The metric to update.
- custom
Fields CustomField[] - Custom fields.
- field string
- The field value to attribute.
- metric string
- The metric to update.
- custom_
fields Sequence[CustomField] - Custom fields.
- field str
- The field value to attribute.
- metric str
- The metric to update.
- custom
Fields List<Property Map> - Custom fields.
- field String
- The field value to attribute.
- metric String
- The metric to update.
CounterOptionsResponse, CounterOptionsResponseArgs
- Custom
Fields List<Pulumi.Google Native. Game Services. V1. Inputs. Custom Field Response> - Custom fields.
- Field string
- The field value to attribute.
- Metric string
- The metric to update.
- Custom
Fields []CustomField Response - Custom fields.
- Field string
- The field value to attribute.
- Metric string
- The metric to update.
- custom
Fields List<CustomField Response> - Custom fields.
- field String
- The field value to attribute.
- metric String
- The metric to update.
- custom
Fields CustomField Response[] - Custom fields.
- field string
- The field value to attribute.
- metric string
- The metric to update.
- custom_
fields Sequence[CustomField Response] - Custom fields.
- field str
- The field value to attribute.
- metric str
- The metric to update.
- custom
Fields List<Property Map> - Custom fields.
- field String
- The field value to attribute.
- metric String
- The metric to update.
CustomField, CustomFieldArgs
CustomFieldResponse, CustomFieldResponseArgs
DataAccessOptions, DataAccessOptionsArgs
DataAccessOptionsLogMode, DataAccessOptionsLogModeArgs
- Log
Mode Unspecified - LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- Log
Fail Closed - LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
- Data
Access Options Log Mode Log Mode Unspecified - LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- Data
Access Options Log Mode Log Fail Closed - LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
- Log
Mode Unspecified - LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- Log
Fail Closed - LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
- Log
Mode Unspecified - LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- Log
Fail Closed - LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
- LOG_MODE_UNSPECIFIED
- LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- LOG_FAIL_CLOSED
- LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
- "LOG_MODE_UNSPECIFIED"
- LOG_MODE_UNSPECIFIEDClient is not required to write a partial Gin log immediately after the authorization check. If client chooses to write one and it fails, client may either fail open (allow the operation to continue) or fail closed (handle as a DENY outcome).
- "LOG_FAIL_CLOSED"
- LOG_FAIL_CLOSEDThe application's operation in the context of which this authorization check is being made may only be performed if it is successfully logged to Gin. For instance, the authorization library may satisfy this obligation by emitting a partial log entry at authorization check time and only returning ALLOW to the application if it succeeds. If a matching Rule has this directive, but the client has not indicated that it will honor such requirements, then the IAM check will result in authorization failure by setting CheckPolicyResponse.success=false.
DataAccessOptionsResponse, DataAccessOptionsResponseArgs
- Log
Mode string
- Log
Mode string
- log
Mode String
- log
Mode string
- log_
mode str
- log
Mode String
Expr, ExprArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- location string
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- location str
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- location String
- Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
LogConfig, LogConfigArgs
- Cloud
Audit Pulumi.Google Native. Game Services. V1. Inputs. Cloud Audit Options - Cloud audit options.
- Counter
Pulumi.
Google Native. Game Services. V1. Inputs. Counter Options - Counter options.
- Data
Access Pulumi.Google Native. Game Services. V1. Inputs. Data Access Options - Data access options.
- Cloud
Audit CloudAudit Options - Cloud audit options.
- Counter
Counter
Options - Counter options.
- Data
Access DataAccess Options - Data access options.
- cloud
Audit CloudAudit Options - Cloud audit options.
- counter
Counter
Options - Counter options.
- data
Access DataAccess Options - Data access options.
- cloud
Audit CloudAudit Options - Cloud audit options.
- counter
Counter
Options - Counter options.
- data
Access DataAccess Options - Data access options.
- cloud_
audit CloudAudit Options - Cloud audit options.
- counter
Counter
Options - Counter options.
- data_
access DataAccess Options - Data access options.
- cloud
Audit Property Map - Cloud audit options.
- counter Property Map
- Counter options.
- data
Access Property Map - Data access options.
LogConfigResponse, LogConfigResponseArgs
- Cloud
Audit Pulumi.Google Native. Game Services. V1. Inputs. Cloud Audit Options Response - Cloud audit options.
- Counter
Pulumi.
Google Native. Game Services. V1. Inputs. Counter Options Response - Counter options.
- Data
Access Pulumi.Google Native. Game Services. V1. Inputs. Data Access Options Response - Data access options.
- Cloud
Audit CloudAudit Options Response - Cloud audit options.
- Counter
Counter
Options Response - Counter options.
- Data
Access DataAccess Options Response - Data access options.
- cloud
Audit CloudAudit Options Response - Cloud audit options.
- counter
Counter
Options Response - Counter options.
- data
Access DataAccess Options Response - Data access options.
- cloud
Audit CloudAudit Options Response - Cloud audit options.
- counter
Counter
Options Response - Counter options.
- data
Access DataAccess Options Response - Data access options.
- cloud_
audit CloudAudit Options Response - Cloud audit options.
- counter
Counter
Options Response - Counter options.
- data_
access DataAccess Options Response - Data access options.
- cloud
Audit Property Map - Cloud audit options.
- counter Property Map
- Counter options.
- data
Access Property Map - Data access options.
Rule, RuleArgs
- Action
Pulumi.
Google Native. Game Services. V1. Rule Action - Required
- Conditions
List<Pulumi.
Google Native. Game Services. V1. Inputs. Condition> - Additional restrictions that must be met. All conditions must pass for the rule to match.
- Description string
- Human-readable description of the rule.
- In List<string>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- Log
Config List<Pulumi.Google Native. Game Services. V1. Inputs. Log Config> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- Not
In List<string> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- Permissions List<string>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- Action
Rule
Action - Required
- Conditions []Condition
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- Description string
- Human-readable description of the rule.
- In []string
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- Log
Config []LogConfig - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- Not
In []string - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- Permissions []string
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action
Rule
Action - Required
- conditions List<Condition>
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- description String
- Human-readable description of the rule.
- in List<String>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config List<LogConfig> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In List<String> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions List<String>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action
Rule
Action - Required
- conditions Condition[]
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- description string
- Human-readable description of the rule.
- in string[]
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config LogConfig[] - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In string[] - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions string[]
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action
Rule
Action - Required
- conditions Sequence[Condition]
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- description str
- Human-readable description of the rule.
- in_ Sequence[str]
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log_
config Sequence[LogConfig] - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not_
in Sequence[str] - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions Sequence[str]
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action "NO_ACTION" | "ALLOW" | "ALLOW_WITH_LOG" | "DENY" | "DENY_WITH_LOG" | "LOG"
- Required
- conditions List<Property Map>
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- description String
- Human-readable description of the rule.
- in List<String>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config List<Property Map> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In List<String> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions List<String>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
RuleAction, RuleActionArgs
- No
Action - NO_ACTIONDefault no action.
- Allow
- ALLOWMatching 'Entries' grant access.
- Allow
With Log - ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- Deny
- DENYMatching 'Entries' deny access.
- Deny
With Log - DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- Log
- LOGMatching 'Entries' tell IAM.Check callers to generate logs.
- Rule
Action No Action - NO_ACTIONDefault no action.
- Rule
Action Allow - ALLOWMatching 'Entries' grant access.
- Rule
Action Allow With Log - ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- Rule
Action Deny - DENYMatching 'Entries' deny access.
- Rule
Action Deny With Log - DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- Rule
Action Log - LOGMatching 'Entries' tell IAM.Check callers to generate logs.
- No
Action - NO_ACTIONDefault no action.
- Allow
- ALLOWMatching 'Entries' grant access.
- Allow
With Log - ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- Deny
- DENYMatching 'Entries' deny access.
- Deny
With Log - DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- Log
- LOGMatching 'Entries' tell IAM.Check callers to generate logs.
- No
Action - NO_ACTIONDefault no action.
- Allow
- ALLOWMatching 'Entries' grant access.
- Allow
With Log - ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- Deny
- DENYMatching 'Entries' deny access.
- Deny
With Log - DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- Log
- LOGMatching 'Entries' tell IAM.Check callers to generate logs.
- NO_ACTION
- NO_ACTIONDefault no action.
- ALLOW
- ALLOWMatching 'Entries' grant access.
- ALLOW_WITH_LOG
- ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- DENY
- DENYMatching 'Entries' deny access.
- DENY_WITH_LOG
- DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- LOG
- LOGMatching 'Entries' tell IAM.Check callers to generate logs.
- "NO_ACTION"
- NO_ACTIONDefault no action.
- "ALLOW"
- ALLOWMatching 'Entries' grant access.
- "ALLOW_WITH_LOG"
- ALLOW_WITH_LOGMatching 'Entries' grant access and the caller promises to log the request per the returned log_configs.
- "DENY"
- DENYMatching 'Entries' deny access.
- "DENY_WITH_LOG"
- DENY_WITH_LOGMatching 'Entries' deny access and the caller promises to log the request per the returned log_configs.
- "LOG"
- LOGMatching 'Entries' tell IAM.Check callers to generate logs.
RuleResponse, RuleResponseArgs
- Action string
- Required
- Conditions
List<Pulumi.
Google Native. Game Services. V1. Inputs. Condition Response> - Additional restrictions that must be met. All conditions must pass for the rule to match.
- Description string
- Human-readable description of the rule.
- In List<string>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- Log
Config List<Pulumi.Google Native. Game Services. V1. Inputs. Log Config Response> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- Not
In List<string> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- Permissions List<string>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- Action string
- Required
- Conditions
[]Condition
Response - Additional restrictions that must be met. All conditions must pass for the rule to match.
- Description string
- Human-readable description of the rule.
- In []string
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- Log
Config []LogConfig Response - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- Not
In []string - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- Permissions []string
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action String
- Required
- conditions
List<Condition
Response> - Additional restrictions that must be met. All conditions must pass for the rule to match.
- description String
- Human-readable description of the rule.
- in List<String>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config List<LogConfig Response> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In List<String> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions List<String>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action string
- Required
- conditions
Condition
Response[] - Additional restrictions that must be met. All conditions must pass for the rule to match.
- description string
- Human-readable description of the rule.
- in string[]
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config LogConfig Response[] - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In string[] - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions string[]
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action str
- Required
- conditions
Sequence[Condition
Response] - Additional restrictions that must be met. All conditions must pass for the rule to match.
- description str
- Human-readable description of the rule.
- in_ Sequence[str]
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log_
config Sequence[LogConfig Response] - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not_
in Sequence[str] - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions Sequence[str]
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
- action String
- Required
- conditions List<Property Map>
- Additional restrictions that must be met. All conditions must pass for the rule to match.
- description String
- Human-readable description of the rule.
- in List<String>
- If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
- log
Config List<Property Map> - The config returned to callers of CheckPolicy for any entries that match the LOG action.
- not
In List<String> - If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries can be found at in the Local IAM documentation (see go/local-iam#features).
- permissions List<String>
- A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.