/
managedFolderIamMember.go
223 lines (193 loc) · 13 KB
/
managedFolderIamMember.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
// Code generated by the Pulumi SDK Generator DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package v1
import (
"context"
"reflect"
"errors"
iam "github.com/pulumi/pulumi-google-native/sdk/go/google/iam/v1"
"github.com/pulumi/pulumi-google-native/sdk/go/google/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Updates an IAM policy for the specified managed folder.
type ManagedFolderIamMember struct {
pulumi.CustomResourceState
// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
Condition iam.ConditionPtrOutput `pulumi:"condition"`
// The etag of the resource's IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
// - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
// - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
// - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
// - serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
// - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
// - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
// - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
// - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
// - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
Member pulumi.StringOutput `pulumi:"member"`
// The name of the resource to manage IAM policies for.
Name pulumi.StringOutput `pulumi:"name"`
// The project in which the resource belongs. If it is not provided, a default will be supplied.
Project pulumi.StringOutput `pulumi:"project"`
// The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
// The new IAM roles are:
// - roles/storage.admin — Full control of Google Cloud Storage resources.
// - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
// - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
// - roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
// - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
// - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
// - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
// - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
// - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
Role pulumi.StringOutput `pulumi:"role"`
}
// NewManagedFolderIamMember registers a new resource with the given unique name, arguments, and options.
func NewManagedFolderIamMember(ctx *pulumi.Context,
name string, args *ManagedFolderIamMemberArgs, opts ...pulumi.ResourceOption) (*ManagedFolderIamMember, error) {
if args == nil {
return nil, errors.New("missing one or more required arguments")
}
if args.Member == nil {
return nil, errors.New("invalid value for required argument 'Member'")
}
if args.Name == nil {
return nil, errors.New("invalid value for required argument 'Name'")
}
if args.Role == nil {
return nil, errors.New("invalid value for required argument 'Role'")
}
opts = internal.PkgResourceDefaultOpts(opts)
var resource ManagedFolderIamMember
err := ctx.RegisterResource("google-native:storage/v1:ManagedFolderIamMember", name, args, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// GetManagedFolderIamMember gets an existing ManagedFolderIamMember resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetManagedFolderIamMember(ctx *pulumi.Context,
name string, id pulumi.IDInput, state *ManagedFolderIamMemberState, opts ...pulumi.ResourceOption) (*ManagedFolderIamMember, error) {
var resource ManagedFolderIamMember
err := ctx.ReadResource("google-native:storage/v1:ManagedFolderIamMember", name, id, state, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// Input properties used for looking up and filtering ManagedFolderIamMember resources.
type managedFolderIamMemberState struct {
}
type ManagedFolderIamMemberState struct {
}
func (ManagedFolderIamMemberState) ElementType() reflect.Type {
return reflect.TypeOf((*managedFolderIamMemberState)(nil)).Elem()
}
type managedFolderIamMemberArgs struct {
// An IAM Condition for a given binding.
Condition *iam.Condition `pulumi:"condition"`
// Identity that will be granted the privilege in role. The entry can have one of the following values:
//
// * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
// * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
// * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Member string `pulumi:"member"`
// The name of the resource to manage IAM policies for.
Name string `pulumi:"name"`
// The role that should be applied.
Role string `pulumi:"role"`
}
// The set of arguments for constructing a ManagedFolderIamMember resource.
type ManagedFolderIamMemberArgs struct {
// An IAM Condition for a given binding.
Condition iam.ConditionPtrInput
// Identity that will be granted the privilege in role. The entry can have one of the following values:
//
// * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
// * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
// * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
// * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
Member pulumi.StringInput
// The name of the resource to manage IAM policies for.
Name pulumi.StringInput
// The role that should be applied.
Role pulumi.StringInput
}
func (ManagedFolderIamMemberArgs) ElementType() reflect.Type {
return reflect.TypeOf((*managedFolderIamMemberArgs)(nil)).Elem()
}
type ManagedFolderIamMemberInput interface {
pulumi.Input
ToManagedFolderIamMemberOutput() ManagedFolderIamMemberOutput
ToManagedFolderIamMemberOutputWithContext(ctx context.Context) ManagedFolderIamMemberOutput
}
func (*ManagedFolderIamMember) ElementType() reflect.Type {
return reflect.TypeOf((**ManagedFolderIamMember)(nil)).Elem()
}
func (i *ManagedFolderIamMember) ToManagedFolderIamMemberOutput() ManagedFolderIamMemberOutput {
return i.ToManagedFolderIamMemberOutputWithContext(context.Background())
}
func (i *ManagedFolderIamMember) ToManagedFolderIamMemberOutputWithContext(ctx context.Context) ManagedFolderIamMemberOutput {
return pulumi.ToOutputWithContext(ctx, i).(ManagedFolderIamMemberOutput)
}
type ManagedFolderIamMemberOutput struct{ *pulumi.OutputState }
func (ManagedFolderIamMemberOutput) ElementType() reflect.Type {
return reflect.TypeOf((**ManagedFolderIamMember)(nil)).Elem()
}
func (o ManagedFolderIamMemberOutput) ToManagedFolderIamMemberOutput() ManagedFolderIamMemberOutput {
return o
}
func (o ManagedFolderIamMemberOutput) ToManagedFolderIamMemberOutputWithContext(ctx context.Context) ManagedFolderIamMemberOutput {
return o
}
// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (o ManagedFolderIamMemberOutput) Condition() iam.ConditionPtrOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) iam.ConditionPtrOutput { return v.Condition }).(iam.ConditionPtrOutput)
}
// The etag of the resource's IAM policy.
func (o ManagedFolderIamMemberOutput) Etag() pulumi.StringOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput)
}
// A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
// - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
// - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
// - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
// - serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
// - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
// - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
// - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
// - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
// - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
func (o ManagedFolderIamMemberOutput) Member() pulumi.StringOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput)
}
// The name of the resource to manage IAM policies for.
func (o ManagedFolderIamMemberOutput) Name() pulumi.StringOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}
// The project in which the resource belongs. If it is not provided, a default will be supplied.
func (o ManagedFolderIamMemberOutput) Project() pulumi.StringOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput)
}
// The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
// The new IAM roles are:
// - roles/storage.admin — Full control of Google Cloud Storage resources.
// - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
// - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
// - roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
// - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
// - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
// - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
// - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
// - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
func (o ManagedFolderIamMemberOutput) Role() pulumi.StringOutput {
return o.ApplyT(func(v *ManagedFolderIamMember) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput)
}
func init() {
pulumi.RegisterInputType(reflect.TypeOf((*ManagedFolderIamMemberInput)(nil)).Elem(), &ManagedFolderIamMember{})
pulumi.RegisterOutputType(ManagedFolderIamMemberOutput{})
}