Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.iam/v1.OrganizationRole
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new custom Role.
Create OrganizationRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationRole(name: string, args: OrganizationRoleArgs, opts?: CustomResourceOptions);
@overload
def OrganizationRole(resource_name: str,
args: OrganizationRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
organization_id: Optional[str] = None,
deleted: Optional[bool] = None,
description: Optional[str] = None,
etag: Optional[str] = None,
included_permissions: Optional[Sequence[str]] = None,
name: Optional[str] = None,
role_id: Optional[str] = None,
stage: Optional[OrganizationRoleStage] = None,
title: Optional[str] = None)
func NewOrganizationRole(ctx *Context, name string, args OrganizationRoleArgs, opts ...ResourceOption) (*OrganizationRole, error)
public OrganizationRole(string name, OrganizationRoleArgs args, CustomResourceOptions? opts = null)
public OrganizationRole(String name, OrganizationRoleArgs args)
public OrganizationRole(String name, OrganizationRoleArgs args, CustomResourceOptions options)
type: google-native:iam/v1:OrganizationRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationRoleResource = new GoogleNative.IAM.V1.OrganizationRole("organizationRoleResource", new()
{
OrganizationId = "string",
Deleted = false,
Description = "string",
Etag = "string",
IncludedPermissions = new[]
{
"string",
},
Name = "string",
RoleId = "string",
Stage = GoogleNative.IAM.V1.OrganizationRoleStage.Alpha,
Title = "string",
});
example, err := iam.NewOrganizationRole(ctx, "organizationRoleResource", &iam.OrganizationRoleArgs{
OrganizationId: pulumi.String("string"),
Deleted: pulumi.Bool(false),
Description: pulumi.String("string"),
Etag: pulumi.String("string"),
IncludedPermissions: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
RoleId: pulumi.String("string"),
Stage: iam.OrganizationRoleStageAlpha,
Title: pulumi.String("string"),
})
var organizationRoleResource = new OrganizationRole("organizationRoleResource", OrganizationRoleArgs.builder()
.organizationId("string")
.deleted(false)
.description("string")
.etag("string")
.includedPermissions("string")
.name("string")
.roleId("string")
.stage("ALPHA")
.title("string")
.build());
organization_role_resource = google_native.iam.v1.OrganizationRole("organizationRoleResource",
organization_id="string",
deleted=False,
description="string",
etag="string",
included_permissions=["string"],
name="string",
role_id="string",
stage=google_native.iam.v1.OrganizationRoleStage.ALPHA,
title="string")
const organizationRoleResource = new google_native.iam.v1.OrganizationRole("organizationRoleResource", {
organizationId: "string",
deleted: false,
description: "string",
etag: "string",
includedPermissions: ["string"],
name: "string",
roleId: "string",
stage: google_native.iam.v1.OrganizationRoleStage.Alpha,
title: "string",
});
type: google-native:iam/v1:OrganizationRole
properties:
deleted: false
description: string
etag: string
includedPermissions:
- string
name: string
organizationId: string
roleId: string
stage: ALPHA
title: string
OrganizationRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationRole resource accepts the following input properties:
- Organization
Id string - Deleted bool
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- Description string
- Optional. A human-readable description for the role.
- Etag string
- Used to perform a consistent read-modify-write.
- Included
Permissions List<string> - The names of the permissions this role grants when bound in an IAM policy.
- Name string
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - Role
Id string - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - Stage
Pulumi.
Google Native. IAM. V1. Organization Role Stage - The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - Title string
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
- Organization
Id string - Deleted bool
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- Description string
- Optional. A human-readable description for the role.
- Etag string
- Used to perform a consistent read-modify-write.
- Included
Permissions []string - The names of the permissions this role grants when bound in an IAM policy.
- Name string
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - Role
Id string - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - Stage
Organization
Role Stage - The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - Title string
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
- organization
Id String - deleted Boolean
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- description String
- Optional. A human-readable description for the role.
- etag String
- Used to perform a consistent read-modify-write.
- included
Permissions List<String> - The names of the permissions this role grants when bound in an IAM policy.
- name String
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - role
Id String - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - stage
Organization
Role Stage - The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - title String
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
- organization
Id string - deleted boolean
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- description string
- Optional. A human-readable description for the role.
- etag string
- Used to perform a consistent read-modify-write.
- included
Permissions string[] - The names of the permissions this role grants when bound in an IAM policy.
- name string
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - role
Id string - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - stage
Organization
Role Stage - The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - title string
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
- organization_
id str - deleted bool
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- description str
- Optional. A human-readable description for the role.
- etag str
- Used to perform a consistent read-modify-write.
- included_
permissions Sequence[str] - The names of the permissions this role grants when bound in an IAM policy.
- name str
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - role_
id str - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - stage
Organization
Role Stage - The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - title str
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
- organization
Id String - deleted Boolean
- The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
- description String
- Optional. A human-readable description for the role.
- etag String
- Used to perform a consistent read-modify-write.
- included
Permissions List<String> - The names of the permissions this role grants when bound in an IAM policy.
- name String
- The name of the role. When
Role
is used inCreateRole
, the role name must not be set. WhenRole
is used in output and other input such asUpdateRole
, the role name is the complete path. For example,roles/logging.viewer
for predefined roles,organizations/{ORGANIZATION_ID}/roles/my-role
for organization-level custom roles, andprojects/{PROJECT_ID}/roles/my-role
for project-level custom roles. - role
Id String - The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (
_
), and periods (.
). It must contain a minimum of 3 characters and a maximum of 64 characters. - stage "ALPHA" | "BETA" | "GA" | "DEPRECATED" | "DISABLED" | "EAP"
- The current launch stage of the role. If the
ALPHA
launch stage has been selected for a role, thestage
field will not be included in the returned definition for the role. - title String
- Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
OrganizationRoleStage, OrganizationRoleStageArgs
- Alpha
- ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - Beta
- BETAThe user has indicated this role is currently in a Beta phase.
- Ga
- GAThe user has indicated this role is generally available.
- Deprecated
- DEPRECATEDThe user has indicated this role is being deprecated.
- Disabled
- DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- Eap
- EAPThe user has indicated this role is currently in an EAP phase.
- Organization
Role Stage Alpha - ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - Organization
Role Stage Beta - BETAThe user has indicated this role is currently in a Beta phase.
- Organization
Role Stage Ga - GAThe user has indicated this role is generally available.
- Organization
Role Stage Deprecated - DEPRECATEDThe user has indicated this role is being deprecated.
- Organization
Role Stage Disabled - DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- Organization
Role Stage Eap - EAPThe user has indicated this role is currently in an EAP phase.
- Alpha
- ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - Beta
- BETAThe user has indicated this role is currently in a Beta phase.
- Ga
- GAThe user has indicated this role is generally available.
- Deprecated
- DEPRECATEDThe user has indicated this role is being deprecated.
- Disabled
- DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- Eap
- EAPThe user has indicated this role is currently in an EAP phase.
- Alpha
- ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - Beta
- BETAThe user has indicated this role is currently in a Beta phase.
- Ga
- GAThe user has indicated this role is generally available.
- Deprecated
- DEPRECATEDThe user has indicated this role is being deprecated.
- Disabled
- DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- Eap
- EAPThe user has indicated this role is currently in an EAP phase.
- ALPHA
- ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - BETA
- BETAThe user has indicated this role is currently in a Beta phase.
- GA
- GAThe user has indicated this role is generally available.
- DEPRECATED
- DEPRECATEDThe user has indicated this role is being deprecated.
- DISABLED
- DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- EAP
- EAPThe user has indicated this role is currently in an EAP phase.
- "ALPHA"
- ALPHAThe user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the
stage
field will not be included when requesting the definition for a given role. - "BETA"
- BETAThe user has indicated this role is currently in a Beta phase.
- "GA"
- GAThe user has indicated this role is generally available.
- "DEPRECATED"
- DEPRECATEDThe user has indicated this role is being deprecated.
- "DISABLED"
- DISABLEDThis role is disabled and will not contribute permissions to any principals it is granted to in policies.
- "EAP"
- EAPThe user has indicated this role is currently in an EAP phase.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.