IAMCustom
Allows management of a customized Cloud IAM project role. For more information see the official documentation and API.
Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by the provider, and new roles cannot share that name.
Example Usage
This snippet creates a customized IAM role.
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.IAMCustomRole;
import com.pulumi.gcp.projects.IAMCustomRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var my_custom_role = new IAMCustomRole("my-custom-role", IAMCustomRoleArgs.builder()
.description("A description")
.permissions(
"iam.roles.list",
"iam.roles.create",
"iam.roles.delete")
.roleId("myCustomRole")
.title("My Custom Role")
.build());
}
}Import
Custom Roles can be imported using any of these accepted formats
$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default projects/{{project}}/roles/{{role_id}}$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{project}}/{{role_id}}$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{role_id}}