getIAMPolicy

Generates an IAM policy document that can be referenced by, and applied through, other Google Cloud Platform IAM resources such as the gcp.projects.IAMPolicy resource. Note: review the documentation of the resource you will use this data source with; some resources, such as gcp.projects.IAMPolicy, have limitations in their API methods that are noted on their respective pages. Nothing is applied by this data source itself — it only produces the document — so audit its bindings and any audit-log exemptedMembers (a member listed there is exempted from that log type for the named service) before a resource references it.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and ADMIN_READ
// are all enabled for the service.
// NOTE(review): `exemptedMembers` exempts the listed principal from DATA_READ
// logging for this service, so that user's key reads will not appear in the
// Data Access audit logs. Keep this list empty unless the exemption has been
// explicitly approved.
const kmsAuditLogConfigs = [
    {
        exemptedMembers: ["user:you@domain.com"],
        logType: "DATA_READ",
    },
    { logType: "DATA_WRITE" },
    { logType: "ADMIN_READ" },
];

// Role bindings that make up the policy document; each binding is one role
// plus the members that receive it.
// NOTE(review): `user:alice@gmail.com` is a consumer Google account rather
// than a managed identity — confirm that is intended before applying.
const policyBindings = [
    {
        members: ["serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"],
        role: "roles/compute.instanceAdmin",
    },
    {
        members: ["user:alice@gmail.com"],
        role: "roles/storage.objectViewer",
    },
];

// Build the policy document. It is not applied here; an *.IAMPolicy resource
// references this result to apply it.
const admin = gcp.organizations.getIAMPolicy({
    auditConfigs: [{
        auditLogConfigs: kmsAuditLogConfigs,
        service: "cloudkms.googleapis.com",
    }],
    bindings: policyBindings,
});
import pulumi
import pulumi_gcp as gcp
# Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and ADMIN_READ
# are all enabled for the service.
# NOTE(review): exempted_members exempts the listed principal from DATA_READ
# logging for this service, so that user's key reads will not appear in the
# Data Access audit logs. Keep this list empty unless the exemption has been
# explicitly approved.
kms_audit_log_configs = [
    gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(
        exempted_members=["user:you@domain.com"],
        log_type="DATA_READ",
    ),
    gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(log_type="DATA_WRITE"),
    gcp.organizations.GetIAMPolicyAuditConfigAuditLogConfigArgs(log_type="ADMIN_READ"),
]

kms_audit_config = gcp.organizations.GetIAMPolicyAuditConfigArgs(
    audit_log_configs=kms_audit_log_configs,
    service="cloudkms.googleapis.com",
)

# Role bindings that make up the policy document; each binding is one role
# plus the members that receive it.
# NOTE(review): user:alice@gmail.com is a consumer Google account rather than
# a managed identity -- confirm that is intended before applying.
policy_bindings = [
    gcp.organizations.GetIAMPolicyBindingArgs(
        members=["serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"],
        role="roles/compute.instanceAdmin",
    ),
    gcp.organizations.GetIAMPolicyBindingArgs(
        members=["user:alice@gmail.com"],
        role="roles/storage.objectViewer",
    ),
]

# Build the policy document. It is not applied here; an *.IAMPolicy resource
# references this result to apply it.
admin = gcp.organizations.get_iam_policy(
    audit_configs=[kms_audit_config],
    bindings=policy_bindings,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and
    // ADMIN_READ are all enabled for the service.
    // NOTE(review): ExemptedMembers exempts the listed principal from
    // DATA_READ logging for this service, so that user's key reads will not
    // appear in the Data Access audit logs. Keep this list empty unless the
    // exemption has been explicitly approved.
    var kmsAuditLogConfigs = new[]
    {
        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
        {
            ExemptedMembers = new[] { "user:you@domain.com" },
            LogType = "DATA_READ",
        },
        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
        {
            LogType = "DATA_WRITE",
        },
        new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigAuditLogConfigInputArgs
        {
            LogType = "ADMIN_READ",
        },
    };

    var kmsAuditConfig = new Gcp.Organizations.Inputs.GetIAMPolicyAuditConfigInputArgs
    {
        AuditLogConfigs = kmsAuditLogConfigs,
        Service = "cloudkms.googleapis.com",
    };

    // Role bindings that make up the policy document; each binding is one
    // role plus the members that receive it.
    // NOTE(review): user:alice@gmail.com is a consumer Google account rather
    // than a managed identity — confirm that is intended before applying.
    var policyBindings = new[]
    {
        new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
        {
            Members = new[] { "serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com" },
            Role = "roles/compute.instanceAdmin",
        },
        new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
        {
            Members = new[] { "user:alice@gmail.com" },
            Role = "roles/storage.objectViewer",
        },
    };

    // Build the policy document. It is not applied here; an *.IAMPolicy
    // resource references this result to apply it.
    var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
    {
        AuditConfigs = new[] { kmsAuditConfig },
        Bindings = policyBindings,
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main builds an organization IAM policy document inside a Pulumi program.
// The document is only generated; an *.IAMPolicy resource must reference it
// for anything to be applied.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and
		// ADMIN_READ are all enabled for the service.
		// NOTE(review): ExemptedMembers exempts the listed principal from
		// DATA_READ logging for this service, so that user's key reads will
		// not appear in the Data Access audit logs. Keep this list empty
		// unless the exemption has been explicitly approved.
		kmsAuditLogConfigs := []organizations.GetIAMPolicyAuditConfigAuditLogConfig{
			{
				ExemptedMembers: []string{"user:you@domain.com"},
				LogType:         "DATA_READ",
			},
			{LogType: "DATA_WRITE"},
			{LogType: "ADMIN_READ"},
		}

		auditConfigs := []organizations.GetIAMPolicyAuditConfig{
			{
				AuditLogConfigs: kmsAuditLogConfigs,
				Service:         "cloudkms.googleapis.com",
			},
		}

		// Role bindings that make up the policy document; each binding is
		// one role plus the members that receive it.
		// NOTE(review): user:alice@gmail.com is a consumer Google account
		// rather than a managed identity — confirm that is intended.
		bindings := []organizations.GetIAMPolicyBinding{
			{
				Members: []string{"serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com"},
				Role:    "roles/compute.instanceAdmin",
			},
			{
				Members: []string{"user:alice@gmail.com"},
				Role:    "roles/storage.objectViewer",
			},
		}

		// The generated document is discarded here; only the lookup error
		// is propagated to pulumi.Run.
		_, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			AuditConfigs: auditConfigs,
			Bindings:     bindings,
		}, nil)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyAuditConfigArgs;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyAuditConfigAuditLogConfigArgs;
import com.pulumi.gcp.organizations.inputs.GetIAMPolicyBindingArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
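/**
 * Pulumi program that builds an organization IAM policy document.
 *
 * <p>The document is only generated here; an {@code *.IAMPolicy} resource
 * must reference it for anything to be applied. The nested input types used
 * below ({@code GetIAMPolicyAuditConfigArgs},
 * {@code GetIAMPolicyAuditConfigAuditLogConfigArgs},
 * {@code GetIAMPolicyBindingArgs}) live in
 * {@code com.pulumi.gcp.organizations.inputs} and must be imported.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Defines the stack: assembles the audit configuration and role bindings
     * and invokes {@code getIAMPolicy} to produce the policy document.
     *
     * @param ctx the Pulumi context supplied by {@link Pulumi#run}; not read by
     *     this example
     */
    public static void stack(Context ctx) {
        // Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and
        // ADMIN_READ are all enabled for the service.
        // NOTE(review): exemptedMembers exempts the listed principal from
        // DATA_READ logging for this service, so that user's key reads will
        // not appear in the Data Access audit logs. Keep this list empty
        // unless the exemption has been explicitly approved.
        final var kmsAuditConfig = GetIAMPolicyAuditConfigArgs.builder()
            .auditLogConfigs(
                GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                    .exemptedMembers("user:you@domain.com")
                    .logType("DATA_READ")
                    .build(),
                GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                    .logType("DATA_WRITE")
                    .build(),
                GetIAMPolicyAuditConfigAuditLogConfigArgs.builder()
                    .logType("ADMIN_READ")
                    .build())
            .service("cloudkms.googleapis.com")
            .build();

        // Role bindings that make up the policy document; each binding is one
        // role plus the members that receive it.
        // NOTE(review): user:alice@gmail.com is a consumer Google account
        // rather than a managed identity — confirm that is intended.
        final var instanceAdminBinding = GetIAMPolicyBindingArgs.builder()
            .members("serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com")
            .role("roles/compute.instanceAdmin")
            .build();
        final var objectViewerBinding = GetIAMPolicyBindingArgs.builder()
            .members("user:alice@gmail.com")
            .role("roles/storage.objectViewer")
            .build();

        // Build the policy document; the result is referenced from an
        // *.IAMPolicy resource rather than applied by itself.
        final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
            .auditConfigs(kmsAuditConfig)
            .bindings(instanceAdminBinding, objectViewerBinding)
            .build());
    }
}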
variables:
  # Builds an IAM policy document. It is not applied here; an *.IAMPolicy
  # resource references this variable to apply it.
  admin:
    fn::invoke:
      Function: gcp:organizations:getIAMPolicy
      Arguments:
        # Audit-log configuration for Cloud KMS: DATA_READ, DATA_WRITE and
        # ADMIN_READ are all enabled for the service.
        auditConfigs:
          - auditLogConfigs:
              # NOTE(review): exemptedMembers exempts the listed principal
              # from DATA_READ logging for this service, so that user's key
              # reads will not appear in the Data Access audit logs. Keep
              # this list empty unless the exemption has been approved.
              - exemptedMembers:
                  - user:you@domain.com
                logType: DATA_READ
              - logType: DATA_WRITE
              - logType: ADMIN_READ
            service: cloudkms.googleapis.com
        # Role bindings: one role plus the members that receive it.
        bindings:
          - members:
              - serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com
            role: roles/compute.instanceAdmin
          # NOTE(review): user:alice@gmail.com is a consumer Google account
          # rather than a managed identity — confirm that is intended.
          - members:
              - user:alice@gmail.com
            role: roles/storage.objectViewer

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource. Before applying the document, check the target resource's page for whether it replaces the resource's existing policy in full or merges with it; the limitations noted there determine what happens to bindings that already exist on the resource.

Return

A collection of values returned by getIAMPolicy.

Parameters

argument

A collection of arguments for invoking getIAMPolicy.


suspend fun getIAMPolicy(auditConfigs: List<GetIAMPolicyAuditConfig>? = null, bindings: List<GetIAMPolicyBinding>? = null): GetIAMPolicyResult

Return

A collection of values returned by getIAMPolicy.

Parameters

auditConfigs

A nested configuration block that defines additional audit-logging configuration for your project. This field is only supported on gcp.projects.IAMPolicy, gcp.folder.IAMPolicy and gcp.organizations.IAMPolicy.

bindings

A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported. Each document configuration must have one or more binding blocks, each of which accepts the arguments of the GetIAMPolicyBinding type described below:

See also


Return

A collection of values returned by getIAMPolicy.

Parameters

argument

Builder for com.pulumi.gcp.organizations.kotlin.inputs.GetIAMPolicyPlainArgs.

See also