Permalink
Fetching contributors…
Cannot retrieve contributors at this time
116 lines (109 sloc) 5.31 KB
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
import * as pulumi from "@pulumi/pulumi";
import * as utilities from "../utilities";
/**
* Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:
*
* * `google_storage_bucket_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
* * `google_storage_bucket_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
* * `google_storage_bucket_iam_policy`: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there's a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.
*
*
* ~> **Note:** `google_storage_bucket_iam_binding` resources **can be** used in conjunction with `google_storage_bucket_iam_member` resources **only if** they do not grant privilege to the same role.
*/
export class BucketIAMBinding extends pulumi.CustomResource {
/**
* Get an existing BucketIAMBinding resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
*/
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMBindingState): BucketIAMBinding {
return new BucketIAMBinding(name, <any>state, { id });
}
/**
* The name of the bucket it applies to.
*/
public readonly bucket: pulumi.Output<string>;
/**
* (Computed) The etag of the storage bucket's IAM policy.
*/
public /*out*/ readonly etag: pulumi.Output<string>;
public readonly members: pulumi.Output<string[]>;
/**
* The role that should be applied. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
public readonly role: pulumi.Output<string>;
/**
* Create a BucketIAMBinding resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: BucketIAMBindingArgs, opts?: pulumi.CustomResourceOptions)
constructor(name: string, argsOrState?: BucketIAMBindingArgs | BucketIAMBindingState, opts?: pulumi.CustomResourceOptions) {
let inputs: pulumi.Inputs = {};
if (opts && opts.id) {
const state: BucketIAMBindingState = argsOrState as BucketIAMBindingState | undefined;
inputs["bucket"] = state ? state.bucket : undefined;
inputs["etag"] = state ? state.etag : undefined;
inputs["members"] = state ? state.members : undefined;
inputs["role"] = state ? state.role : undefined;
} else {
const args = argsOrState as BucketIAMBindingArgs | undefined;
if (!args || args.bucket === undefined) {
throw new Error("Missing required property 'bucket'");
}
if (!args || args.members === undefined) {
throw new Error("Missing required property 'members'");
}
if (!args || args.role === undefined) {
throw new Error("Missing required property 'role'");
}
inputs["bucket"] = args ? args.bucket : undefined;
inputs["members"] = args ? args.members : undefined;
inputs["role"] = args ? args.role : undefined;
inputs["etag"] = undefined /*out*/;
}
super("gcp:storage/bucketIAMBinding:BucketIAMBinding", name, inputs, opts);
}
}
/**
* Input properties used for looking up and filtering BucketIAMBinding resources.
*/
export interface BucketIAMBindingState {
/**
* The name of the bucket it applies to.
*/
readonly bucket?: pulumi.Input<string>;
/**
* (Computed) The etag of the storage bucket's IAM policy.
*/
readonly etag?: pulumi.Input<string>;
readonly members?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The role that should be applied. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
readonly role?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a BucketIAMBinding resource.
*/
export interface BucketIAMBindingArgs {
/**
* The name of the bucket it applies to.
*/
readonly bucket: pulumi.Input<string>;
readonly members: pulumi.Input<pulumi.Input<string>[]>;
/**
* The role that should be applied. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
readonly role: pulumi.Input<string>;
}