1. Packages
  2. Google Cloud Native
  3. API Docs
  4. iam
  5. iam/v1
  6. OrganizationRole

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.iam/v1.OrganizationRole

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates a new custom Role.

    Create OrganizationRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OrganizationRole(name: string, args: OrganizationRoleArgs, opts?: CustomResourceOptions);
    @overload
    def OrganizationRole(resource_name: str,
                         args: OrganizationRoleArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def OrganizationRole(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         organization_id: Optional[str] = None,
                         deleted: Optional[bool] = None,
                         description: Optional[str] = None,
                         etag: Optional[str] = None,
                         included_permissions: Optional[Sequence[str]] = None,
                         name: Optional[str] = None,
                         role_id: Optional[str] = None,
                         stage: Optional[OrganizationRoleStage] = None,
                         title: Optional[str] = None)
    func NewOrganizationRole(ctx *Context, name string, args OrganizationRoleArgs, opts ...ResourceOption) (*OrganizationRole, error)
    public OrganizationRole(string name, OrganizationRoleArgs args, CustomResourceOptions? opts = null)
    public OrganizationRole(String name, OrganizationRoleArgs args)
    public OrganizationRole(String name, OrganizationRoleArgs args, CustomResourceOptions options)
    
    type: google-native:iam/v1:OrganizationRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OrganizationRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OrganizationRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OrganizationRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OrganizationRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OrganizationRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var organizationRoleResource = new GoogleNative.IAM.V1.OrganizationRole("organizationRoleResource", new()
    {
        OrganizationId = "string",
        Deleted = false,
        Description = "string",
        Etag = "string",
        IncludedPermissions = new[]
        {
            "string",
        },
        Name = "string",
        RoleId = "string",
        Stage = GoogleNative.IAM.V1.OrganizationRoleStage.Alpha,
        Title = "string",
    });
    
    example, err := iam.NewOrganizationRole(ctx, "organizationRoleResource", &iam.OrganizationRoleArgs{
    	OrganizationId: pulumi.String("string"),
    	Deleted:        pulumi.Bool(false),
    	Description:    pulumi.String("string"),
    	Etag:           pulumi.String("string"),
    	IncludedPermissions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Name:   pulumi.String("string"),
    	RoleId: pulumi.String("string"),
    	Stage:  iam.OrganizationRoleStageAlpha,
    	Title:  pulumi.String("string"),
    })
    
    var organizationRoleResource = new OrganizationRole("organizationRoleResource", OrganizationRoleArgs.builder()
        .organizationId("string")
        .deleted(false)
        .description("string")
        .etag("string")
        .includedPermissions("string")
        .name("string")
        .roleId("string")
        .stage("ALPHA")
        .title("string")
        .build());
    
    organization_role_resource = google_native.iam.v1.OrganizationRole("organizationRoleResource",
        organization_id="string",
        deleted=False,
        description="string",
        etag="string",
        included_permissions=["string"],
        name="string",
        role_id="string",
        stage=google_native.iam.v1.OrganizationRoleStage.ALPHA,
        title="string")
    
    const organizationRoleResource = new google_native.iam.v1.OrganizationRole("organizationRoleResource", {
        organizationId: "string",
        deleted: false,
        description: "string",
        etag: "string",
        includedPermissions: ["string"],
        name: "string",
        roleId: "string",
        stage: google_native.iam.v1.OrganizationRoleStage.Alpha,
        title: "string",
    });
    
    type: google-native:iam/v1:OrganizationRole
    properties:
        deleted: false
        description: string
        etag: string
        includedPermissions:
            - string
        name: string
        organizationId: string
        roleId: string
        stage: ALPHA
        title: string
    

    OrganizationRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The OrganizationRole resource accepts the following input properties:

    OrganizationId string
    Deleted bool
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    Description string
    Optional. A human-readable description for the role.
    Etag string
    Used to perform a consistent read-modify-write.
    IncludedPermissions List<string>
    The names of the permissions this role grants when bound in an IAM policy.
    Name string
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    RoleId string
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    Stage Pulumi.GoogleNative.IAM.V1.OrganizationRoleStage
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    Title string
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    OrganizationId string
    Deleted bool
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    Description string
    Optional. A human-readable description for the role.
    Etag string
    Used to perform a consistent read-modify-write.
    IncludedPermissions []string
    The names of the permissions this role grants when bound in an IAM policy.
    Name string
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    RoleId string
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    Stage OrganizationRoleStage
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    Title string
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    organizationId String
    deleted Boolean
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    description String
    Optional. A human-readable description for the role.
    etag String
    Used to perform a consistent read-modify-write.
    includedPermissions List<String>
    The names of the permissions this role grants when bound in an IAM policy.
    name String
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    roleId String
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    stage OrganizationRoleStage
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    title String
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    organizationId string
    deleted boolean
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    description string
    Optional. A human-readable description for the role.
    etag string
    Used to perform a consistent read-modify-write.
    includedPermissions string[]
    The names of the permissions this role grants when bound in an IAM policy.
    name string
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    roleId string
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    stage OrganizationRoleStage
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    title string
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    organization_id str
    deleted bool
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    description str
    Optional. A human-readable description for the role.
    etag str
    Used to perform a consistent read-modify-write.
    included_permissions Sequence[str]
    The names of the permissions this role grants when bound in an IAM policy.
    name str
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    role_id str
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    stage OrganizationRoleStage
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    title str
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
    organizationId String
    deleted Boolean
    The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
    description String
    Optional. A human-readable description for the role.
    etag String
    Used to perform a consistent read-modify-write.
    includedPermissions List<String>
    The names of the permissions this role grants when bound in an IAM policy.
    name String
    The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path. For example, roles/logging.viewer for predefined roles, organizations/{ORGANIZATION_ID}/roles/my-role for organization-level custom roles, and projects/{PROJECT_ID}/roles/my-role for project-level custom roles.
    roleId String
    The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (_), and periods (.). It must contain a minimum of 3 characters and a maximum of 64 characters.
    stage "ALPHA" | "BETA" | "GA" | "DEPRECATED" | "DISABLED" | "EAP"
    The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role.
    title String
    Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OrganizationRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    OrganizationRoleStage, OrganizationRoleStageArgs

    Alpha
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    Beta
    BETAThe user has indicated this role is currently in a Beta phase.
    Ga
    GAThe user has indicated this role is generally available.
    Deprecated
    DEPRECATEDThe user has indicated this role is being deprecated.
    Disabled
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    Eap
    EAPThe user has indicated this role is currently in an EAP phase.
    OrganizationRoleStageAlpha
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    OrganizationRoleStageBeta
    BETAThe user has indicated this role is currently in a Beta phase.
    OrganizationRoleStageGa
    GAThe user has indicated this role is generally available.
    OrganizationRoleStageDeprecated
    DEPRECATEDThe user has indicated this role is being deprecated.
    OrganizationRoleStageDisabled
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    OrganizationRoleStageEap
    EAPThe user has indicated this role is currently in an EAP phase.
    Alpha
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    Beta
    BETAThe user has indicated this role is currently in a Beta phase.
    Ga
    GAThe user has indicated this role is generally available.
    Deprecated
    DEPRECATEDThe user has indicated this role is being deprecated.
    Disabled
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    Eap
    EAPThe user has indicated this role is currently in an EAP phase.
    Alpha
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    Beta
    BETAThe user has indicated this role is currently in a Beta phase.
    Ga
    GAThe user has indicated this role is generally available.
    Deprecated
    DEPRECATEDThe user has indicated this role is being deprecated.
    Disabled
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    Eap
    EAPThe user has indicated this role is currently in an EAP phase.
    ALPHA
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    BETA
    BETAThe user has indicated this role is currently in a Beta phase.
    GA
    GAThe user has indicated this role is generally available.
    DEPRECATED
    DEPRECATEDThe user has indicated this role is being deprecated.
    DISABLED
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    EAP
    EAPThe user has indicated this role is currently in an EAP phase.
    "ALPHA"
    ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the stage field will not be included when requesting the definition for a given role.
    "BETA"
    BETAThe user has indicated this role is currently in a Beta phase.
    "GA"
    GAThe user has indicated this role is generally available.
    "DEPRECATED"
    DEPRECATEDThe user has indicated this role is being deprecated.
    "DISABLED"
    DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
    "EAP"
    EAPThe user has indicated this role is currently in an EAP phase.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi