IAMCustomRoleArgs

/**
 * Input arguments for a customized Cloud IAM project role.
 *
 * @property description A human-readable description for the role.
 * @property permissions The names of the permissions this role grants when bound in an IAM policy.
 *   At least one permission must be specified. Every entry is granted to each principal the role
 *   is bound to, so this list is the place to review for least privilege.
 * @property project The project that the custom role will be created in. Defaults to the provider
 *   project configuration.
 * @property roleId The camel case role id to use for this role. Cannot contain `-` characters.
 * @property stage The current launch stage of the role. Defaults to `GA`.
 * @property title A human-readable title for the role.
 */
data class IAMCustomRoleArgs(
    val description: Output<String>? = null,
    val permissions: Output<List<String>>? = null,
    val project: Output<String>? = null,
    val roleId: Output<String>? = null,
    val stage: Output<String>? = null,
    val title: Output<String>? = null,
) : ConvertibleToJava<IAMCustomRoleArgs>

Allows management of a customized Cloud IAM project role. For more information see the official documentation and API.

Warning: Custom roles in GCP are soft-deleted, and two issues can arise from this and from how roles are propagated. 1) Creating a role may involve undeleting and then updating an existing role with the same name, which can cause confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means that a role deleted more than 7 days ago cannot be changed at all by the provider, and new roles cannot share that name.

Example Usage

This snippet creates a customized IAM role.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Permissions granted to every principal this role is bound to. This set covers
// listing, creating and deleting IAM roles; keep the list to what holders need.
const rolePermissions = [
    "iam.roles.list",
    "iam.roles.create",
    "iam.roles.delete",
];

// `project` is not set, so the role is created in the provider's configured project.
const customRole = new gcp.projects.IAMCustomRole("my-custom-role", {
    // Role ids are camel case and cannot contain "-" characters.
    roleId: "myCustomRole",
    title: "My Custom Role",
    description: "A description",
    permissions: rolePermissions,
});
import pulumi
import pulumi_gcp as gcp
# Permissions granted to every principal this role is bound to. This set covers
# listing, creating and deleting IAM roles; keep the list to what holders need.
role_permissions = [
    "iam.roles.list",
    "iam.roles.create",
    "iam.roles.delete",
]

# `project` is omitted, so the role is created in the provider's configured project.
my_custom_role = gcp.projects.IAMCustomRole(
    "my-custom-role",
    role_id="myCustomRole",  # camel case; "-" characters are not allowed
    title="My Custom Role",
    description="A description",
    permissions=role_permissions,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Project is not set, so the role is created in the provider's configured project.
    var customRole = new Gcp.Projects.IAMCustomRole("my-custom-role", new Gcp.Projects.IAMCustomRoleArgs
    {
        // Role ids are camel case and cannot contain "-" characters.
        RoleId = "myCustomRole",
        Title = "My Custom Role",
        Description = "A description",
        // Every permission here is granted to each principal the role is bound to.
        // This set covers listing, creating and deleting IAM roles; keep it minimal.
        Permissions = new[]
        {
            "iam.roles.list",
            "iam.roles.create",
            "iam.roles.delete",
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one custom IAM project role with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Every permission here is granted to each principal the role is bound to.
		// This set covers listing, creating and deleting IAM roles; keep it minimal.
		rolePermissions := pulumi.StringArray{
			pulumi.String("iam.roles.list"),
			pulumi.String("iam.roles.create"),
			pulumi.String("iam.roles.delete"),
		}

		// Project is left unset, so the role is created in the provider's
		// configured project. Role ids are camel case and cannot contain "-".
		roleArgs := &projects.IAMCustomRoleArgs{
			RoleId:      pulumi.String("myCustomRole"),
			Title:       pulumi.String("My Custom Role"),
			Description: pulumi.String("A description"),
			Permissions: rolePermissions,
		}

		// The registration error (nil on success) is handed straight back to pulumi.Run.
		_, err := projects.NewIAMCustomRole(ctx, "my-custom-role", roleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.IAMCustomRole;
import com.pulumi.gcp.projects.IAMCustomRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares one custom IAM project role. */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the custom role.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // Every permission here is granted to each principal the role is bound to.
        // This set covers listing, creating and deleting IAM roles; keep it minimal.
        // No project is set, so the role is created in the provider's configured project.
        final IAMCustomRoleArgs roleArgs = IAMCustomRoleArgs.builder()
            .roleId("myCustomRole") // camel case; "-" characters are not allowed
            .title("My Custom Role")
            .description("A description")
            .permissions(
                "iam.roles.list",
                "iam.roles.create",
                "iam.roles.delete")
            .build();

        var customRole = new IAMCustomRole("my-custom-role", roleArgs);
    }
}
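resources:
  # Custom project role. Every permission below is granted to each principal the
  # role is bound to, so keep the list to what those principals need.
  # No project is set, so the role is created in the provider's configured project.
  my-custom-role:
    type: gcp:projects:IAMCustomRole
    properties:
      # Camel case; "-" characters are not allowed in the role id.
      roleId: myCustomRole
      title: My Custom Role
      description: A description
      permissions:
        - iam.roles.list
        - iam.roles.create
        - iam.roles.delete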

Import

Custom Roles can be imported using any of these accepted formats:

  • projects/{{project}}/roles/{{role_id}}

  • {{project}}/{{role_id}}

  • {{role_id}}

When using the pulumi import command, Custom Roles can be imported using one of the formats above. For example:

$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default projects/{{project}}/roles/{{role_id}}
$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{project}}/{{role_id}}
$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{role_id}}

Constructors

constructor(description: Output<String>? = null, permissions: Output<List<String>>? = null, project: Output<String>? = null, roleId: Output<String>? = null, stage: Output<String>? = null, title: Output<String>? = null)

Properties

val description: Output<String>? = null

A human-readable description for the role.

val permissions: Output<List<String>>? = null

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

val project: Output<String>? = null

The project that the custom role will be created in. Defaults to the provider project configuration.

val roleId: Output<String>? = null

The camel-case role ID to use for this role. It cannot contain `-` characters.

val stage: Output<String>? = null

The current launch stage of the role. Defaults to GA. List of possible stages is here.

val title: Output<String>? = null

A human-readable title for the role.

Functions

open override fun toJava(): IAMCustomRoleArgs