Package-level declarations

Creates a folder in the resource hierarchy. Returns an Operation which can be used to track the progress of the folder creation workflow. Upon success, the Operation.response field will be populated with the created Folder. In order to succeed, the addition of this new folder must not violate the folder naming, height, or fanout constraints. + The folder's display_name must be distinct from all other folders that share its parent. + The addition of the folder must not cause the active folder hierarchy to exceed a height of 10. Note, the full active + deleted folder hierarchy is allowed to reach a height of 20; this provides additional headroom when moving folders that contain deleted folders. + The addition of the folder must not cause the total number of folders under its parent to exceed 300. If the operation fails due to a folder constraint violation, some errors may be returned by the CreateFolder request, with status code FAILED_PRECONDITION and an error description. Other folder constraint violations will be communicated in the Operation, with the specific PreconditionFailure returned in the details list in the Operation.error field. The caller must have resourcemanager.folders.create permission on the identified parent. Auto-naming is currently not supported for this resource.

Creates a folder in the resource hierarchy. Returns an Operation which can be used to track the progress of the folder creation workflow. Upon success, the Operation.response field will be populated with the created Folder. In order to succeed, the addition of this new folder must not violate the folder naming, height, or fanout constraints. + The folder's display_name must be distinct from all other folders that share its parent. + The addition of the folder must not cause the active folder hierarchy to exceed a height of 10. Note, the full active + deleted folder hierarchy is allowed to reach a height of 20; this provides additional headroom when moving folders that contain deleted folders. + The addition of the folder must not cause the total number of folders under its parent to exceed 300. If the operation fails due to a folder constraint violation, some errors may be returned by the CreateFolder request, with status code FAILED_PRECONDITION and an error description. Other folder constraint violations will be communicated in the Operation, with the specific PreconditionFailure returned in the details list in the Operation.error field. The caller must have resourcemanager.folders.create permission on the identified parent. Auto-naming is currently not supported for this resource.

Builder for FolderArgs.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder.

Builder for FolderIamBindingArgs.

Builder for FolderIamBinding.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder.

Builder for FolderIamMemberArgs.

Builder for FolderIamMember.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Sets the access control policy on a folder, replacing any existing policy. The resource field should be the folder's resource name, for example: "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Builder for FolderIamPolicyArgs.

Builder for FolderIamPolicy.

Builder for Folder.

Create a Lien which applies to the resource denoted by the parent field. Callers of this method will require permission on the parent resource. For example, applying to projects/1234 requires permission resourcemanager.projects.updateLiens. NOTE: Some resources may limit the number of Liens which may be applied.

Create a Lien which applies to the resource denoted by the parent field. Callers of this method will require permission on the parent resource. For example, applying to projects/1234 requires permission resourcemanager.projects.updateLiens. NOTE: Some resources may limit the number of Liens which may be applied.

Builder for LienArgs.

Builder for Lien.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization.

Builder for OrganizationIamBindingArgs.

Builder for OrganizationIamBinding.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization.

Builder for OrganizationIamMemberArgs.

Builder for OrganizationIamMember.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Sets the access control policy on an organization resource. Replaces any existing policy. The resource field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission resourcemanager.organizations.setIamPolicy on the specified organization. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Builder for OrganizationIamPolicyArgs.

Builder for OrganizationIamPolicy.

Request that a new project be created. The result is an Operation which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking Operation is automatically deleted after a few hours, so there is no need to call DeleteOperation. Auto-naming is currently not supported for this resource.

Request that a new project be created. The result is an Operation which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking Operation is automatically deleted after a few hours, so there is no need to call DeleteOperation. Auto-naming is currently not supported for this resource.

Builder for ProjectArgs.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.

Builder for ProjectIamBindingArgs.

Builder for ProjectIamBinding.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.

Builder for ProjectIamMemberArgs.

Builder for ProjectIamMember.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Sets the IAM access control policy for the specified project, in the format projects/{ProjectIdOrNumber} e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Builder for ProjectIamPolicyArgs.

Builder for ProjectIamPolicy.

Builder for Project.

Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 1000 TagKeys can exist under a parent at any given time.

Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 1000 TagKeys can exist under a parent at any given time.

Builder for TagKeyArgs.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue.

Builder for TagKeyIamBindingArgs.

Builder for TagKeyIamBinding.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue.

Builder for TagKeyIamMemberArgs.

Builder for TagKeyIamMember.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Builder for TagKeyIamPolicyArgs.

Builder for TagKeyIamPolicy.

Builder for TagKey.

Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 1000 TagValues can exist under a TagKey at any given time.

Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 1000 TagValues can exist under a TagKey at any given time.

Builder for TagValueArgs.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue.

Builder for TagValueIamBindingArgs.

Builder for TagValueIamBinding.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue.

Builder for TagValueIamMemberArgs.

Builder for TagValueIamMember.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Builder for TagValueIamPolicyArgs.

Builder for TagValueIamPolicy.

Builder for TagValue.