Module iap

class TunnelInstanceIAMBinding

extends CustomResource

Warning: These resources are in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Three different resources help you manage your IAM policy for IAP Tunnel Instance. Each of these resources serves a different use case:

  • google_iap_tunnel_instance_iam_policy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
  • google_iap_tunnel_instance_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • google_iap_tunnel_instance_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: google_iap_tunnel_instance_iam_policy cannot be used in conjunction with google_iap_tunnel_instance_iam_binding and google_iap_tunnel_instance_iam_member or they will fight over what your policy should be.

Note: google_iap_tunnel_instance_iam_binding resources can be used in conjunction with google_iap_tunnel_instance_iam_member resources only if they do not grant privilege to the same role.
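
The interaction these notes describe, as an added example (not Pulumi or provider code): a small model of what each resource kind does to an instance's IAM policy, plus a lint that flags the combinations this page rules out. The `Decl` type, `apply` and `findConflicts` are hypothetical names, and instances are keyed by name only, ignoring project and zone, for brevity.

```typescript
// Added example: a hypothetical model of the three resource kinds, not provider code.
type Policy = Record<string, string[]>; // role -> members
type Decl =
  | { kind: "policy"; instance: string; bindings: Policy }
  | { kind: "binding"; instance: string; role: string; members: string[] }
  | { kind: "member"; instance: string; role: string; member: string };

// What a single apply of one resource does to the instance's IAM policy.
function apply(current: Policy, d: Decl): Policy {
  if (d.kind === "policy") return { ...d.bindings }; // authoritative: replaces everything
  const next: Policy = { ...current };
  if (d.kind === "binding") {
    next[d.role] = d.members.slice(); // authoritative for this role only
  } else {
    const have = next[d.role] || [];
    next[d.role] = have.indexOf(d.member) >= 0 ? have : have.concat(d.member);
  }
  return next;
}

// Flag, per instance, the resource combinations that would fight over the policy.
function findConflicts(decls: Decl[]): string[] {
  const issues: string[] = [];
  const byInstance: Record<string, Decl[]> = {};
  for (const d of decls) (byInstance[d.instance] = byInstance[d.instance] || []).push(d);
  for (const inst of Object.keys(byInstance).sort()) {
    const group = byInstance[inst];
    const bindings: Record<string, number> = {};
    let policies = 0;
    for (const d of group) {
      if (d.kind === "policy") policies++;
      if (d.kind === "binding") bindings[d.role] = (bindings[d.role] || 0) + 1;
    }
    if (policies > 0 && group.length > policies) {
      issues.push(`${inst}: policy mixed with binding/member`);
    }
    for (const d of group) {
      if (d.kind === "member" && bindings[d.role]) {
        issues.push(`${inst}: member and binding both grant ${d.role}`);
      }
    }
    for (const role of Object.keys(bindings).sort()) {
      if (bindings[role] > 1) issues.push(`${inst}: ${bindings[role]} bindings for ${role}`);
    }
  }
  return issues;
}

// Constructed sample declarations (instance name and members are illustrative).
const ROLE = "roles/compute.networkUser";
const sample: Decl[] = [
  { kind: "binding", instance: "vm-a", role: ROLE, members: ["user:bob@example.com"] },
  { kind: "member", instance: "vm-a", role: ROLE, member: "user:jane@example.com" },
];
console.log(findConflicts(sample));
```

Applying the sample's member and then its binding with `apply` leaves only bob on the role, while the reverse order leaves both; the lint catches that order-dependent result before deployment.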

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const instance = new gcp.iap.TunnelInstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new TunnelInstanceIAMBinding(name: string, args: TunnelInstanceIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMBindingState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMBinding

Get an existing TunnelInstanceIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

class TunnelInstanceIAMMember

extends CustomResource

Warning: These resources are in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Three different resources help you manage your IAM policy for IAP Tunnel Instance. Each of these resources serves a different use case:

  • google_iap_tunnel_instance_iam_policy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
  • google_iap_tunnel_instance_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • google_iap_tunnel_instance_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: google_iap_tunnel_instance_iam_policy cannot be used in conjunction with google_iap_tunnel_instance_iam_binding and google_iap_tunnel_instance_iam_member or they will fight over what your policy should be.

Note: google_iap_tunnel_instance_iam_binding resources can be used in conjunction with google_iap_tunnel_instance_iam_member resources only if they do not grant privilege to the same role.

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const instance = new gcp.iap.TunnelInstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new TunnelInstanceIAMMember(name: string, args: TunnelInstanceIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMMemberState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMMember

Get an existing TunnelInstanceIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

class TunnelInstanceIAMPolicy

extends CustomResource

Warning: These resources are in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Three different resources help you manage your IAM policy for IAP Tunnel Instance. Each of these resources serves a different use case:

  • google_iap_tunnel_instance_iam_policy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
  • google_iap_tunnel_instance_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • google_iap_tunnel_instance_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: google_iap_tunnel_instance_iam_policy cannot be used in conjunction with google_iap_tunnel_instance_iam_binding and google_iap_tunnel_instance_iam_member or they will fight over what your policy should be.

Note: google_iap_tunnel_instance_iam_binding resources can be used in conjunction with google_iap_tunnel_instance_iam_member resources only if they do not grant privilege to the same role.

google_iap_tunnel_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const instance = new gcp.iap.TunnelInstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_iap_tunnel_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_iap_tunnel_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.iap.TunnelInstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

constructor

new TunnelInstanceIAMPolicy(name: string, args: TunnelInstanceIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a TunnelInstanceIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TunnelInstanceIAMPolicyState, opts?: pulumi.CustomResourceOptions): TunnelInstanceIAMPolicy

Get an existing TunnelInstanceIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a google_iam_policy data source.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property zone

public zone: pulumi.Output<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMBindingArgs

The set of arguments for constructing a TunnelInstanceIAMBinding resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property members

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMBindingState

Input properties used for looking up and filtering TunnelInstanceIAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property members

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMMemberArgs

The set of arguments for constructing a TunnelInstanceIAMMember resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMMemberState

Input properties used for looking up and filtering TunnelInstanceIAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_iap_tunnel_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMPolicyArgs

The set of arguments for constructing a TunnelInstanceIAMPolicy resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a google_iam_policy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.

interface TunnelInstanceIAMPolicyState

Input properties used for looking up and filtering TunnelInstanceIAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a google_iam_policy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property zone

zone?: pulumi.Input<string>;

The zone of the instance. If unspecified, this defaults to the zone configured in the provider.