PrincipalAccessBoundaryPolicyArgs

data class PrincipalAccessBoundaryPolicyArgs(val annotations: Output<Map<String, String>>? = null, val details: Output<PrincipalAccessBoundaryPolicyDetailsArgs>? = null, val displayName: Output<String>? = null, val location: Output<String>? = null, val organization: Output<String>? = null, val principalAccessBoundaryPolicyId: Output<String>? = null) : ConvertibleToJava<PrincipalAccessBoundaryPolicyArgs>

Example Usage

Iam Principal Access Boundary Policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Arguments for an organization-level principal access boundary (PAB) policy.
// "123456789" is the sample organization ID used throughout this page.
// NOTE(review): `details` is not set in this example; confirm the policy's
// details are defined as intended before binding it to principals.
const pabPolicyForOrgArgs: gcp.iam.PrincipalAccessBoundaryPolicyArgs = {
    organization: "123456789",
    location: "global",
    displayName: "PAB policy for Organization",
    principalAccessBoundaryPolicyId: "pab-policy-for-org",
};

// Declares the policy under the Pulumi logical name "pab-policy-for-org".
const pab_policy_for_org = new gcp.iam.PrincipalAccessBoundaryPolicy(
    "pab-policy-for-org",
    pabPolicyForOrgArgs,
);
import pulumi
import pulumi_gcp as gcp
# Arguments for an organization-level principal access boundary (PAB) policy.
# "123456789" is the sample organization ID used throughout this page.
# NOTE(review): `details` is not set in this example; confirm the policy's
# details are defined as intended before binding it to principals.
policy_args = gcp.iam.PrincipalAccessBoundaryPolicyArgs(
    organization="123456789",
    location="global",
    display_name="PAB policy for Organization",
    principal_access_boundary_policy_id="pab-policy-for-org",
)

# Declares the policy under the Pulumi logical name "pab-policy-for-org".
pab_policy_for_org = gcp.iam.PrincipalAccessBoundaryPolicy("pab-policy-for-org", policy_args)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Arguments for an organization-level principal access boundary (PAB) policy.
    // "123456789" is the sample organization ID used throughout this page.
    // NOTE(review): Details is not set in this example; confirm the policy's
    // details are defined as intended before binding it to principals.
    var policyArgs = new Gcp.Iam.PrincipalAccessBoundaryPolicyArgs
    {
        Organization = "123456789",
        Location = "global",
        DisplayName = "PAB policy for Organization",
        PrincipalAccessBoundaryPolicyId = "pab-policy-for-org",
    };

    // Declares the policy under the Pulumi logical name "pab-policy-for-org".
    var orgBoundaryPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab-policy-for-org", policyArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a single organization-level principal access boundary (PAB)
// policy and returns any error from the constructor to the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "123456789" is the sample organization ID used throughout this page.
		// NOTE(review): Details is not set in this example; confirm the policy's
		// details are defined as intended before binding it to principals.
		policyArgs := &iam.PrincipalAccessBoundaryPolicyArgs{
			Organization:                    pulumi.String("123456789"),
			Location:                        pulumi.String("global"),
			DisplayName:                     pulumi.String("PAB policy for Organization"),
			PrincipalAccessBoundaryPolicyId: pulumi.String("pab-policy-for-org"),
		}

		// The resource handle is not needed afterwards; only the error is kept.
		_, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab-policy-for-org", policyArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one organization-level principal access
 * boundary (PAB) policy.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy under the Pulumi logical name "pab-policy-for-org".
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // "123456789" is the sample organization ID used throughout this page.
        // NOTE(review): details is not set in this example; confirm the policy's
        // details are defined as intended before binding it to principals.
        PrincipalAccessBoundaryPolicyArgs policyArgs = PrincipalAccessBoundaryPolicyArgs.builder()
            .organization("123456789")
            .location("global")
            .displayName("PAB policy for Organization")
            .principalAccessBoundaryPolicyId("pab-policy-for-org")
            .build();

        var orgBoundaryPolicy = new PrincipalAccessBoundaryPolicy("pab-policy-for-org", policyArgs);
    }
}
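# Declares one organization-level principal access boundary (PAB) policy.
# Nesting restored: properties belong to the resource, the resource to `resources`.
resources:
  pab-policy-for-org:
    type: gcp:iam:PrincipalAccessBoundaryPolicy
    properties:
      # Sample organization ID used throughout this page.
      organization: '123456789'
      location: global
      displayName: PAB policy for Organization
      principalAccessBoundaryPolicyId: pab-policy-for-org
      # NOTE(review): `details` is not set in this example; confirm the policy's
      # details are defined as intended before binding it to principals.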

Iam Organizations Policy Binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as time from "@pulumi/time";
// Step 1: the principal access boundary (PAB) policy itself.
// NOTE(review): `details` is not set in this example; confirm the policy's
// details are defined as intended before it is bound organization-wide.
const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
    organization: "123456789",
    location: "global",
    displayName: "Binding for all principals in the Organization",
    principalAccessBoundaryPolicyId: "my-pab-policy",
});

// Step 2: a fixed 60-second sleep that is created only after the policy exists.
const wait60Seconds = new time.index.Sleep(
    "wait_60_seconds",
    {createDuration: "60s"},
    {dependsOn: [pabPolicy]},
);

// Full resource name of the policy, built from the ID the policy resource reports.
const pabPolicyName = pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`;

// Step 3: bind the policy. The target principal set is the organization
// itself, so (per the display name) the binding covers all principals in it.
const bindingArgs: gcp.iam.OrganizationsPolicyBindingArgs = {
    organization: "123456789",
    location: "global",
    displayName: "Binding for all principals in the Organization",
    policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
    policyBindingId: "binding-for-all-org-principals",
    policy: pabPolicyName,
    target: {
        principalSet: "//cloudresourcemanager.googleapis.com/organizations/123456789",
    },
};

// The binding is ordered after the sleep, and therefore after the policy.
const my_pab_policy = new gcp.iam.OrganizationsPolicyBinding("my-pab-policy", bindingArgs, {
    dependsOn: [wait60Seconds],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_time as time
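# Step 1: the principal access boundary (PAB) policy itself.
# NOTE(review): `details` is not set in this example; confirm the policy's
# details are defined as intended before it is bound organization-wide.
pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy(
    "pab_policy",
    organization="123456789",
    location="global",
    display_name="Binding for all principals in the Organization",
    principal_access_boundary_policy_id="my-pab-policy",
)

# Step 2: a fixed 60-second sleep that is created only after the policy exists.
# The duration is a string; the unquoted `60s` in the original listing is not
# valid Python, and the other language examples on this page pass "60s".
wait60_seconds = time.index.Sleep(
    "wait_60_seconds",
    create_duration="60s",
    opts=pulumi.ResourceOptions(depends_on=[pab_policy]),
)

# Full resource name of the policy, built from the ID the policy resource reports.
policy_name = pab_policy.principal_access_boundary_policy_id.apply(
    lambda policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{policy_id}"
)

# Step 3: bind the policy. The target principal set is the organization
# itself, so (per the display name) the binding covers all principals in it.
# The binding is ordered after the sleep, and therefore after the policy.
my_pab_policy = gcp.iam.OrganizationsPolicyBinding(
    "my-pab-policy",
    organization="123456789",
    location="global",
    display_name="Binding for all principals in the Organization",
    policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
    policy_binding_id="binding-for-all-org-principals",
    policy=policy_name,
    target={
        "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
    },
    opts=pulumi.ResourceOptions(depends_on=[wait60_seconds]),
)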
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Time = Pulumi.Time;
return await Deployment.RunAsync(() =>
{
    // Step 1: the principal access boundary (PAB) policy itself.
    // NOTE(review): Details is not set in this example; confirm the policy's
    // details are defined as intended before it is bound organization-wide.
    var boundaryPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new Gcp.Iam.PrincipalAccessBoundaryPolicyArgs
    {
        Organization = "123456789",
        Location = "global",
        DisplayName = "Binding for all principals in the Organization",
        PrincipalAccessBoundaryPolicyId = "my-pab-policy",
    });

    // Step 2: a fixed 60-second sleep that is created only after the policy exists.
    var afterPolicy = new CustomResourceOptions
    {
        DependsOn =
        {
            boundaryPolicy,
        },
    };
    var creationDelay = new Time.Index.Sleep("wait_60_seconds", new()
    {
        CreateDuration = "60s",
    }, afterPolicy);

    // Full resource name of the policy, built from the ID the policy resource reports.
    var policyName = boundaryPolicy.PrincipalAccessBoundaryPolicyId.Apply(policyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{policyId}");

    // Step 3: bind the policy. The target principal set is the organization
    // itself, so (per the display name) the binding covers all principals in it.
    var afterDelay = new CustomResourceOptions
    {
        DependsOn =
        {
            creationDelay,
        },
    };
    var policyBinding = new Gcp.Iam.OrganizationsPolicyBinding("my-pab-policy", new Gcp.Iam.OrganizationsPolicyBindingArgs
    {
        Organization = "123456789",
        Location = "global",
        DisplayName = "Binding for all principals in the Organization",
        PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
        PolicyBindingId = "binding-for-all-org-principals",
        Policy = policyName,
        Target = new Gcp.Iam.Inputs.OrganizationsPolicyBindingTargetArgs
        {
            PrincipalSet = "//cloudresourcemanager.googleapis.com/organizations/123456789",
        },
    }, afterDelay);
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a principal access boundary (PAB) policy, a fixed 60-second
// sleep ordered after it, and an organization-level binding ordered after the
// sleep. The first constructor error is returned to the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Step 1: the PAB policy itself.
		// NOTE(review): Details is not set in this example; confirm the policy's
		// details are defined as intended before it is bound organization-wide.
		boundaryPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
			Organization:                    pulumi.String("123456789"),
			Location:                        pulumi.String("global"),
			DisplayName:                     pulumi.String("Binding for all principals in the Organization"),
			PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
		})
		if err != nil {
			return err
		}

		// Step 2: the sleep, created only after the policy exists.
		// NOTE(review): other arguments here are wrapped in pulumi.String(...);
		// confirm that CreateDuration accepts a bare string literal.
		creationDelay, err := time.NewSleep(ctx, "wait_60_seconds", &time.SleepArgs{
			CreateDuration: "60s",
		}, pulumi.DependsOn([]pulumi.Resource{
			boundaryPolicy,
		}))
		if err != nil {
			return err
		}

		// Full resource name of the policy, built from the ID the policy resource reports.
		policyName := boundaryPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(policyID string) (string, error) {
			return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", policyID), nil
		}).(pulumi.StringOutput)

		// Step 3: bind the policy. The target principal set is the organization
		// itself, so (per the display name) the binding covers all principals in it.
		_, err = iam.NewOrganizationsPolicyBinding(ctx, "my-pab-policy", &iam.OrganizationsPolicyBindingArgs{
			Organization:    pulumi.String("123456789"),
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("Binding for all principals in the Organization"),
			PolicyKind:      pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
			PolicyBindingId: pulumi.String("binding-for-all-org-principals"),
			Policy:          policyName,
			Target: &iam.OrganizationsPolicyBindingTargetArgs{
				PrincipalSet: pulumi.String("//cloudresourcemanager.googleapis.com/organizations/123456789"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			creationDelay,
		}))
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
import com.pulumi.time.sleep;
import com.pulumi.time.sleepArgs;
import com.pulumi.gcp.iam.OrganizationsPolicyBinding;
import com.pulumi.gcp.iam.OrganizationsPolicyBindingArgs;
import com.pulumi.gcp.iam.inputs.OrganizationsPolicyBindingTargetArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a principal access boundary (PAB) policy, a
 * fixed 60-second sleep ordered after it, and an organization-level binding
 * ordered after the sleep.
 *
 * NOTE(review): the file's imports name com.pulumi.time.sleep / sleepArgs while
 * this class uses Sleep / SleepArgs; confirm the class names against the time
 * provider SDK.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy, the sleep and the binding, in that dependency order.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Step 1: the PAB policy itself.
        // NOTE(review): details is not set in this example; confirm the policy's
        // details are defined as intended before it is bound organization-wide.
        var boundaryPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
            .organization("123456789")
            .location("global")
            .displayName("Binding for all principals in the Organization")
            .principalAccessBoundaryPolicyId("my-pab-policy")
            .build());

        // Step 2: the sleep, created only after the policy exists.
        var afterPolicy = CustomResourceOptions.builder()
            .dependsOn(List.of(boundaryPolicy))
            .build();
        var creationDelay = new Sleep("wait60Seconds", SleepArgs.builder()
            .createDuration("60s")
            .build(), afterPolicy);

        // Full resource name of the policy, built from the ID the policy resource reports.
        var policyName = boundaryPolicy.principalAccessBoundaryPolicyId().applyValue(policyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", policyId));

        // Step 3: bind the policy. The target principal set is the organization
        // itself, so (per the display name) the binding covers all principals in it.
        var bindingTarget = OrganizationsPolicyBindingTargetArgs.builder()
            .principalSet("//cloudresourcemanager.googleapis.com/organizations/123456789")
            .build();
        var afterDelay = CustomResourceOptions.builder()
            .dependsOn(creationDelay)
            .build();
        var policyBinding = new OrganizationsPolicyBinding("my-pab-policy", OrganizationsPolicyBindingArgs.builder()
            .organization("123456789")
            .location("global")
            .displayName("Binding for all principals in the Organization")
            .policyKind("PRINCIPAL_ACCESS_BOUNDARY")
            .policyBindingId("binding-for-all-org-principals")
            .policy(policyName)
            .target(bindingTarget)
            .build(), afterDelay);
    }
}
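# Declares a principal access boundary (PAB) policy, a fixed 60-second sleep
# ordered after it, and an organization-level binding ordered after the sleep.
# Nesting restored: each resource's type/name/properties/options sit under its key.
resources:
  pabPolicy:
    type: gcp:iam:PrincipalAccessBoundaryPolicy
    name: pab_policy
    properties:
      # Sample organization ID used throughout this page.
      organization: '123456789'
      location: global
      displayName: Binding for all principals in the Organization
      principalAccessBoundaryPolicyId: my-pab-policy
      # NOTE(review): `details` is not set in this example; confirm the policy's
      # details are defined as intended before it is bound organization-wide.
  wait60Seconds:
    type: time:sleep
    name: wait_60_seconds
    properties:
      createDuration: 60s
    options:
      # Created only after the policy exists.
      dependsOn:
        - ${pabPolicy}
  my-pab-policy:
    type: gcp:iam:OrganizationsPolicyBinding
    properties:
      organization: '123456789'
      location: global
      displayName: Binding for all principals in the Organization
      policyKind: PRINCIPAL_ACCESS_BOUNDARY
      policyBindingId: binding-for-all-org-principals
      # Full resource name of the policy, built from the ID the policy resource reports.
      policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
      target:
        # The organization itself: per the display name, all principals in it.
        principalSet: //cloudresourcemanager.googleapis.com/organizations/123456789
    options:
      # Ordered after the sleep, and therefore after the policy.
      dependsOn:
        - ${wait60Seconds}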

Import

PrincipalAccessBoundaryPolicy can be imported using any of these accepted formats:

  • organizations/{{organization}}/locations/{{location}}/principalAccessBoundaryPolicies/{{principal_access_boundary_policy_id}}

  • {{organization}}/{{location}}/{{principal_access_boundary_policy_id}}

When using the pulumi import command, PrincipalAccessBoundaryPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:iam/principalAccessBoundaryPolicy:PrincipalAccessBoundaryPolicy default organizations/{{organization}}/locations/{{location}}/principalAccessBoundaryPolicies/{{principal_access_boundary_policy_id}}
$ pulumi import gcp:iam/principalAccessBoundaryPolicy:PrincipalAccessBoundaryPolicy default {{organization}}/{{location}}/{{principal_access_boundary_policy_id}}

Constructors

constructor(annotations: Output<Map<String, String>>? = null, details: Output<PrincipalAccessBoundaryPolicyDetailsArgs>? = null, displayName: Output<String>? = null, location: Output<String>? = null, organization: Output<String>? = null, principalAccessBoundaryPolicyId: Output<String>? = null)

Properties

val annotations: Output<Map<String, String>>? = null

User-defined annotations. See https://google.aip.dev/148#annotations for more details, such as format and size limitations. Note: This field is non-authoritative and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource.


val details: Output<PrincipalAccessBoundaryPolicyDetailsArgs>? = null

Principal access boundary policy details. Structure is documented below.

val displayName: Output<String>? = null

The description of the principal access boundary policy. Must be less than or equal to 63 characters.

val location: Output<String>? = null

The location the principal access boundary policy is in.

val organization: Output<String>? = null

The parent organization of the principal access boundary policy.


val principalAccessBoundaryPolicyId: Output<String>? = null

The ID to use to create the principal access boundary policy. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern: /[a-z][a-z0-9-\.]{2,62}/.

Functions

open override fun toJava(): PrincipalAccessBoundaryPolicyArgs