import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Iam Folders Policy Binding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as time from "@pulumiverse/time"; * * const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", { * organization: "123456789", * location: "global", * displayName: "binding for all principals in the folder", * principalAccessBoundaryPolicyId: "my-pab-policy", * }); * const folder = new gcp.organizations.Folder("folder", { * displayName: "my folder", * parent: "organizations/123456789", * deletionProtection: false, * }); * const wait120s = new time.Sleep("wait_120s", {createDuration: "120s"}, { * dependsOn: [folder], * }); * const binding_for_all_folder_principals = new gcp.iam.FoldersPolicyBinding("binding-for-all-folder-principals", { * folder: folder.folderId, * location: "global", * displayName: "binding for all principals in the folder", * policyKind: "PRINCIPAL_ACCESS_BOUNDARY", * policyBindingId: "binding-for-all-folder-principals", * policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`, * target: { * principalSet: pulumi.interpolate`//cloudresourcemanager.googleapis.com/folders/${folder.folderId}`, * }, * }, { * dependsOn: [wait120s], * }); * ``` * * ## Import * * FoldersPolicyBinding can be imported using any of these accepted formats: * * * `folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}` * * * `{{folder}}/{{location}}/{{policy_binding_id}}` * * When using the `pulumi import` command, FoldersPolicyBinding can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}} * ``` * * ```sh * $ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default {{folder}}/{{location}}/{{policy_binding_id}} * ``` */ export declare class FoldersPolicyBinding extends pulumi.CustomResource { /** * Get an existing FoldersPolicyBinding resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FoldersPolicyBindingState, opts?: pulumi.CustomResourceOptions): FoldersPolicyBinding; /** * Returns true if the given object is an instance of FoldersPolicyBinding. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FoldersPolicyBinding; /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ readonly annotations: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ readonly condition: pulumi.Output; /** * Output only. The time when the policy binding was created. */ readonly createTime: pulumi.Output; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ readonly displayName: pulumi.Output; readonly effectiveAnnotations: pulumi.Output<{ [key: string]: string; }>; /** * Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. */ readonly etag: pulumi.Output; /** * The parent folder for the PolicyBinding. */ readonly folder: pulumi.Output; /** * The location of the PolicyBinding. */ readonly location: pulumi.Output; /** * The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}` */ readonly name: pulumi.Output; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ readonly policy: pulumi.Output; /** * The Policy Binding ID. */ readonly policyBindingId: pulumi.Output; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ readonly policyKind: pulumi.Output; /** * Output only. The globally unique ID of the policy to be bound. */ readonly policyUid: pulumi.Output; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ readonly target: pulumi.Output; /** * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. */ readonly uid: pulumi.Output; /** * Output only. The time when the policy binding was most recently updated. */ readonly updateTime: pulumi.Output; /** * Create a FoldersPolicyBinding resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FoldersPolicyBindingArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FoldersPolicyBinding resources. */ export interface FoldersPolicyBindingState { /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ condition?: pulumi.Input; /** * Output only. The time when the policy binding was created. */ createTime?: pulumi.Input; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input; effectiveAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. */ etag?: pulumi.Input; /** * The parent folder for the PolicyBinding. */ folder?: pulumi.Input; /** * The location of the PolicyBinding. */ location?: pulumi.Input; /** * The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}` */ name?: pulumi.Input; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ policy?: pulumi.Input; /** * The Policy Binding ID. */ policyBindingId?: pulumi.Input; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ policyKind?: pulumi.Input; /** * Output only. The globally unique ID of the policy to be bound. */ policyUid?: pulumi.Input; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ target?: pulumi.Input; /** * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. */ uid?: pulumi.Input; /** * Output only. The time when the policy binding was most recently updated. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a FoldersPolicyBinding resource. */ export interface FoldersPolicyBindingArgs { /** * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Represents a textual expression in the Common Expression Language * (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of * CEL are documented at https://github.com/google/cel-spec. * Example (Comparison): * title: \"Summary size limit\" * description: \"Determines if a summary is less than 100 chars\" * expression: \"document.summary.size() < 100\" * Example * (Equality): * title: \"Requestor is owner\" * description: \"Determines if requestor is the document owner\" * expression: \"document.owner == request.auth.claims.email\" Example * (Logic): * title: \"Public documents\" * description: \"Determine whether the document should be publicly visible\" * expression: \"document.type != 'private' && document.type != 'internal'\" * Example (Data Manipulation): * title: \"Notification string\" * description: \"Create a notification string with a timestamp.\" * expression: \"'New message received at ' + string(document.create_time)\" * The exact variables and functions that may be referenced within an expression are * determined by the service that evaluates it. See the service documentation for * additional information. * Structure is documented below. */ condition?: pulumi.Input; /** * Optional. The description of the policy binding. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input; /** * The parent folder for the PolicyBinding. */ folder: pulumi.Input; /** * The location of the PolicyBinding. */ location: pulumi.Input; /** * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). */ policy: pulumi.Input; /** * The Policy Binding ID. */ policyBindingId: pulumi.Input; /** * Immutable. The kind of the policy to attach in this binding. This * field must be one of the following: - Left empty (will be automatically set * to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS */ policyKind?: pulumi.Input; /** * Target is the full resource name of the resource to which the policy will be bound. Immutable once set. * Structure is documented below. */ target: pulumi.Input; }