Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.storage/v1.ManagedFolderIamPolicy
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Updates an IAM policy for the specified managed folder. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
Create ManagedFolderIamPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedFolderIamPolicy(name: string, args: ManagedFolderIamPolicyArgs, opts?: CustomResourceOptions);
@overload
def ManagedFolderIamPolicy(resource_name: str,
args: ManagedFolderIamPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagedFolderIamPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
managed_folder: Optional[str] = None,
bindings: Optional[Sequence[ManagedFolderIamPolicyBindingsItemArgs]] = None,
etag: Optional[str] = None,
kind: Optional[str] = None,
resource_id: Optional[str] = None,
user_project: Optional[str] = None,
version: Optional[int] = None)
func NewManagedFolderIamPolicy(ctx *Context, name string, args ManagedFolderIamPolicyArgs, opts ...ResourceOption) (*ManagedFolderIamPolicy, error)
public ManagedFolderIamPolicy(string name, ManagedFolderIamPolicyArgs args, CustomResourceOptions? opts = null)
public ManagedFolderIamPolicy(String name, ManagedFolderIamPolicyArgs args)
public ManagedFolderIamPolicy(String name, ManagedFolderIamPolicyArgs args, CustomResourceOptions options)
type: google-native:storage/v1:ManagedFolderIamPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedFolderIamPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedFolderIamPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedFolderIamPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedFolderIamPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedFolderIamPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedFolderIamPolicyResource = new GoogleNative.Storage.V1.ManagedFolderIamPolicy("managedFolderIamPolicyResource", new()
{
Bucket = "string",
ManagedFolder = "string",
Bindings = new[]
{
new GoogleNative.Storage.V1.Inputs.ManagedFolderIamPolicyBindingsItemArgs
{
Condition = new GoogleNative.Storage.V1.Inputs.ExprArgs
{
Description = "string",
Expression = "string",
Location = "string",
Title = "string",
},
Members = new[]
{
"string",
},
Role = "string",
},
},
Etag = "string",
Kind = "string",
ResourceId = "string",
UserProject = "string",
Version = 0,
});
example, err := storage.NewManagedFolderIamPolicy(ctx, "managedFolderIamPolicyResource", &storage.ManagedFolderIamPolicyArgs{
Bucket: pulumi.String("string"),
ManagedFolder: pulumi.String("string"),
Bindings: storage.ManagedFolderIamPolicyBindingsItemArray{
&storage.ManagedFolderIamPolicyBindingsItemArgs{
Condition: &storage.ExprArgs{
Description: pulumi.String("string"),
Expression: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
Members: pulumi.StringArray{
pulumi.String("string"),
},
Role: pulumi.String("string"),
},
},
Etag: pulumi.String("string"),
Kind: pulumi.String("string"),
ResourceId: pulumi.String("string"),
UserProject: pulumi.String("string"),
Version: pulumi.Int(0),
})
var managedFolderIamPolicyResource = new ManagedFolderIamPolicy("managedFolderIamPolicyResource", ManagedFolderIamPolicyArgs.builder()
.bucket("string")
.managedFolder("string")
.bindings(ManagedFolderIamPolicyBindingsItemArgs.builder()
.condition(ExprArgs.builder()
.description("string")
.expression("string")
.location("string")
.title("string")
.build())
.members("string")
.role("string")
.build())
.etag("string")
.kind("string")
.resourceId("string")
.userProject("string")
.version(0)
.build());
managed_folder_iam_policy_resource = google_native.storage.v1.ManagedFolderIamPolicy("managedFolderIamPolicyResource",
bucket="string",
managed_folder="string",
bindings=[google_native.storage.v1.ManagedFolderIamPolicyBindingsItemArgs(
condition=google_native.storage.v1.ExprArgs(
description="string",
expression="string",
location="string",
title="string",
),
members=["string"],
role="string",
)],
etag="string",
kind="string",
resource_id="string",
user_project="string",
version=0)
const managedFolderIamPolicyResource = new google_native.storage.v1.ManagedFolderIamPolicy("managedFolderIamPolicyResource", {
bucket: "string",
managedFolder: "string",
bindings: [{
condition: {
description: "string",
expression: "string",
location: "string",
title: "string",
},
members: ["string"],
role: "string",
}],
etag: "string",
kind: "string",
resourceId: "string",
userProject: "string",
version: 0,
});
type: google-native:storage/v1:ManagedFolderIamPolicy
properties:
bindings:
- condition:
description: string
expression: string
location: string
title: string
members:
- string
role: string
bucket: string
etag: string
kind: string
managedFolder: string
resourceId: string
userProject: string
version: 0
ManagedFolderIamPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ManagedFolderIamPolicy resource accepts the following input properties:
- Bucket string
- Managed
Folder string - Bindings
List<Pulumi.
Google Native. Storage. V1. Inputs. Managed Folder Iam Policy Bindings Item> - An association between a role, which comes with a set of permissions, and members who may assume that role.
- Etag string
- HTTP 1.1 Entity tag for the policy.
- Kind string
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- Resource
Id string - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- User
Project string - The project to be billed for this request. Required for Requester Pays buckets.
- Version int
- The IAM policy format version.
- Bucket string
- Managed
Folder string - Bindings
[]Managed
Folder Iam Policy Bindings Item Args - An association between a role, which comes with a set of permissions, and members who may assume that role.
- Etag string
- HTTP 1.1 Entity tag for the policy.
- Kind string
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- Resource
Id string - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- User
Project string - The project to be billed for this request. Required for Requester Pays buckets.
- Version int
- The IAM policy format version.
- bucket String
- managed
Folder String - bindings
List<Managed
Folder Iam Policy Bindings Item> - An association between a role, which comes with a set of permissions, and members who may assume that role.
- etag String
- HTTP 1.1 Entity tag for the policy.
- kind String
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- resource
Id String - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- user
Project String - The project to be billed for this request. Required for Requester Pays buckets.
- version Integer
- The IAM policy format version.
- bucket string
- managed
Folder string - bindings
Managed
Folder Iam Policy Bindings Item[] - An association between a role, which comes with a set of permissions, and members who may assume that role.
- etag string
- HTTP 1.1 Entity tag for the policy.
- kind string
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- resource
Id string - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- user
Project string - The project to be billed for this request. Required for Requester Pays buckets.
- version number
- The IAM policy format version.
- bucket str
- managed_
folder str - bindings
Sequence[Managed
Folder Iam Policy Bindings Item Args] - An association between a role, which comes with a set of permissions, and members who may assume that role.
- etag str
- HTTP 1.1 Entity tag for the policy.
- kind str
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- resource_
id str - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- user_
project str - The project to be billed for this request. Required for Requester Pays buckets.
- version int
- The IAM policy format version.
- bucket String
- managed
Folder String - bindings List<Property Map>
- An association between a role, which comes with a set of permissions, and members who may assume that role.
- etag String
- HTTP 1.1 Entity tag for the policy.
- kind String
- The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
- resource
Id String - The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, projects//buckets/bucket/objects/object for objects, and projects//buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects//buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
- user
Project String - The project to be billed for this request. Required for Requester Pays buckets.
- version Number
- The IAM policy format version.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedFolderIamPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
Expr, ExprArgs
- Description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location String
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location str
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location String
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ExprResponse, ExprResponseArgs
- Description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- Description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- Expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- Location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- Title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location String
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description string
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression string
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location string
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title string
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description str
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression str
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location str
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title str
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- description String
- An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- expression String
- Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
- location String
- An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- title String
- An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
ManagedFolderIamPolicyBindingsItem, ManagedFolderIamPolicyBindingsItemArgs
- Condition
Pulumi.
Google Native. Storage. V1. Inputs. Expr - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- Members List<string>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- Role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- Condition Expr
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- Members []string
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- Role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition Expr
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members List<String>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role String
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition Expr
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members string[]
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition Expr
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members Sequence[str]
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role str
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition Property Map
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members List<String>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role String
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
ManagedFolderIamPolicyBindingsItemResponse, ManagedFolderIamPolicyBindingsItemResponseArgs
- Condition
Pulumi.
Google Native. Storage. V1. Inputs. Expr Response - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- Members List<string>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- Role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- Condition
Expr
Response - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- Members []string
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- Role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition
Expr
Response - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members List<String>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role String
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition
Expr
Response - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members string[]
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role string
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition
Expr
Response - The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members Sequence[str]
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role str
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
- condition Property Map
- The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
- members List<String>
- A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
- allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
- allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
- user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
- serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
- group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
- domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
- projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
- projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
- projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
- role String
- The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
The new IAM roles are:
- roles/storage.admin — Full control of Google Cloud Storage resources.
- roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
- roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
- roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
- roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
- roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
- roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
- roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
- roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.