Module projects

@pulumi/gcp > projects

class IAMAuditConfig

extends CustomResource

constructor

new IAMAuditConfig(name: string, args: IAMAuditConfigArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMAuditConfig resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMAuditConfigState, opts?: pulumi.CustomResourceOptions): IAMAuditConfig

Get an existing IAMAuditConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property auditLogConfigs

public auditLogConfigs: pulumi.Output<{
    exemptedMembers: string[];
    logType: string;
}[]>;

property etag

public etag: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string | undefined>;

property service

public service: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMBinding

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a google_project_iam_policy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use google_project_iam_policy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by Terraform.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

constructor

new IAMBinding(name: string, args: IAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMBindingState, opts?: pulumi.CustomResourceOptions): IAMBinding

Get an existing IAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string | undefined>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMCustomRole

extends CustomResource

Allows management of a customized Cloud IAM project role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by Terraform, and new roles cannot share that name.

Example Usage

This snippet creates a customized IAM role.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const my_custom_role = new gcp.projects.IAMCustomRole("my-custom-role", {
    description: "A description",
    permissions: [
        "iam.roles.list",
        "iam.roles.create",
        "iam.roles.delete",
    ],
    roleId: "myCustomRole",
    title: "My Custom Role",
});

constructor

new IAMCustomRole(name: string, args: IAMCustomRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMCustomRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMCustomRoleState, opts?: pulumi.CustomResourceOptions): IAMCustomRole

Get an existing IAMCustomRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property deleted

public deleted: pulumi.Output<boolean>;

(Optional) The current deleted state of the role.

property description

public description: pulumi.Output<string | undefined>;

A human-readable description for the role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property permissions

public permissions: pulumi.Output<string[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

public project: pulumi.Output<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

public roleId: pulumi.Output<string>;

The role id to use for this role.

property stage

public stage: pulumi.Output<string | undefined>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

public title: pulumi.Output<string>;

A human-readable title for the role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMMember

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a google_project_iam_policy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use google_project_iam_policy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by Terraform.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

constructor

new IAMMember(name: string, args: IAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMMemberState, opts?: pulumi.CustomResourceOptions): IAMMember

Get an existing IAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string | undefined>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IAMPolicy

extends CustomResource

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.

google_project_iam_policy

Be careful! You can accidentally lock yourself out of your project using this resource. Deleting a google_project_iam_policy removes access from anyone without organization-level access to the project. Proceed with caution. It’s not recommended to use google_project_iam_policy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by Terraform.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
}));
const project = new gcp.projects.IAMPolicy("project", {
    policyData: admin.policyData,
    project: "your-project-id",
});

google_project_iam_binding

Note: If role is set to roles/owner and you don’t specify a user or service account you have access to in members, you can lock yourself out of your project.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMBinding("project", {
    members: ["user:jane@example.com"],
    project: "your-project-id",
    role: "roles/editor",
});

google_project_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.IAMMember("project", {
    member: "user:jane@example.com",
    project: "your-project-id",
    role: "roles/editor",
});

constructor

new IAMPolicy(name: string, args: IAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a IAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IAMPolicyState, opts?: pulumi.CustomResourceOptions): IAMPolicy

Get an existing IAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

The google_iam_policy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

public project: pulumi.Output<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class OrganizationPolicy

extends CustomResource

Allows management of Organization policies for a Google Project. For more information see the official documentation and API.

Example Usage

To set policy with a boolean constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const serialPortPolicy = new gcp.projects.OrganizationPolicy("serial_port_policy", {
    booleanPolicy: {
        enforced: true,
    },
    constraint: "compute.disableSerialPortAccess",
    project: "your-project-id",
});

To set a policy with a list contraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    constraint: "serviceuser.services",
    listPolicy: {
        allow: {
            all: true,
        },
    },
    project: "your-project-id",
});

Or to deny some services, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    constraint: "serviceuser.services",
    listPolicy: {
        deny: {
            values: ["cloudresourcemanager.googleapis.com"],
        },
        suggestedValues: "compute.googleapis.com",
    },
    project: "your-project-id",
});

To restore the default project organization policy, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    constraint: "serviceuser.services",
    project: "your-project-id",
    restorePolicy: {
        default: true,
    },
});

constructor

new OrganizationPolicy(name: string, args: OrganizationPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a OrganizationPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationPolicyState, opts?: pulumi.CustomResourceOptions): OrganizationPolicy

Get an existing OrganizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property booleanPolicy

public booleanPolicy: pulumi.Output<{
    enforced: boolean;
} | undefined>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

public constraint: pulumi.Output<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property listPolicy

public listPolicy: pulumi.Output<{
    allow: undefined | {
        all: undefined | false | true;
        values: string[];
    };
    deny: undefined | {
        all: undefined | false | true;
        values: string[];
    };
    inheritFromParent: undefined | false | true;
    suggestedValue: string;
} | undefined>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

public project: pulumi.Output<string>;

The project id of the project to set the policy for.

property restorePolicy

public restorePolicy: pulumi.Output<{
    default: boolean;
} | undefined>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

public updateTime: pulumi.Output<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property version

public version: pulumi.Output<number>;

Version of the Policy. Default version is 0.

class Service

extends CustomResource

Allows management of a single API service for an existing Google Cloud Platform project.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource must not be used in conjunction with google_project_services or they will fight over which services should be enabled.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.Service("project", {
    disableDependentServices: true,
    project: "your-project-id",
    service: "iam.googleapis.com",
});

constructor

new Service(name: string, args: ServiceArgs, opts?: pulumi.CustomResourceOptions)

Create a Service resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceState, opts?: pulumi.CustomResourceOptions): Service

Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property disableDependentServices

public disableDependentServices: pulumi.Output<boolean | undefined>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

public disableOnDestroy: pulumi.Output<boolean | undefined>;

If true, disable the service when the terraform resource is destroyed. Defaults to true. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string>;

The project ID. If not provided, the provider project is used.

property service

public service: pulumi.Output<string>;

The service to enable.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Services

extends CustomResource

Allows management of enabled API services for an existing Google Cloud Platform project. Services in an existing project that are not defined in the config will be removed.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource attempts to be the authoritative source on all enabled APIs, which often leads to conflicts when certain actions enable other APIs. If you do not need to ensure that exclusively a particular set of APIs are enabled, you should most likely use the google_project_service resource, one resource per API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.projects.Services("project", {
    project: "your-project-id",
    services: [
        "iam.googleapis.com",
        "cloudresourcemanager.googleapis.com",
    ],
});

constructor

new Services(name: string, args: ServicesArgs, opts?: pulumi.CustomResourceOptions)

Create a Services resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicesState, opts?: pulumi.CustomResourceOptions): Services

Get an existing Services resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property disableOnDestroy

public disableOnDestroy: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property project

public project: pulumi.Output<string>;

The project ID. Changing this forces Terraform to attempt to disable all previously managed API services in the previous project.

property services

public services: pulumi.Output<string[]>;

The list of services that are enabled. Supports update.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class UsageExportBucket

extends CustomResource

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.

Note that prior to 0.8.5, google_project functioned like a data source, meaning any project referenced by it had to be created and managed outside Terraform. As of 0.8.5, google_project functions like any other Terraform resource, with Terraform creating and managing the project. To replicate the old behavior, either:

  • Use the project ID directly in whatever is referencing the project, using the google_project_iam_policy to replace the old policy_data property.
  • Use the import functionality to import your pre-existing project into Terraform, where it can be referenced and used just like always, keeping in mind that Terraform will attempt to undo any changes made outside Terraform.

It’s important to note that any project resources that were added to your Terraform config prior to 0.8.5 will continue to function as they always have, and will not be managed by Terraform. Only newly added projects are affected.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myProject = new gcp.organizations.Project("my_project", {
    orgId: "1234567",
    projectId: "your-project-id",
});

To create a project under a specific folder

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const department1 = new gcp.organizations.Folder("department1", {
    displayName: "Department 1",
    parent: "organizations/1234567",
});
const my_project_in_a_folder = new gcp.organizations.Project("my_project-in-a-folder", {
    folderId: department1.name,
    projectId: "your-project-id",
});

constructor

new UsageExportBucket(name: string, args: UsageExportBucketArgs, opts?: pulumi.CustomResourceOptions)

Create a UsageExportBucket resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UsageExportBucketState, opts?: pulumi.CustomResourceOptions): UsageExportBucket

Get an existing UsageExportBucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucketName

public bucketName: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property prefix

public prefix: pulumi.Output<string | undefined>;

property project

public project: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getOrganizationPolicy

getOrganizationPolicy(args: GetOrganizationPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationPolicyResult>

Allows management of Organization policies for a Google Project. For more information see the official documentation

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const policy = pulumi.output(gcp.projects.getOrganizationPolicy({
    constraint: "constraints/serviceuser.services",
    project: "project-id",
}));

export const version = policy.version;

function getProject

getProject(args: GetProjectArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectResult>

Retrieve information about a set of projects based on a filter. See the REST API for more details.

Example Usage - searching for projects about to be deleted in an org

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const my_org_projects = pulumi.output(gcp.projects.getProject({
    filter: "parent.id:012345678910 lifecycleState:DELETE_REQUESTED",
}));
const deletion_candidate = my_org_projects.apply(my_org_projects => gcp.organizations.getProject({
    projectId: my_org_projects.projects[0].projectId,
}));

interface GetOrganizationPolicyArgs

A collection of arguments for invoking getOrganizationPolicy.

property constraint

constraint: string;

(Required) The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property project

project: string;

The project ID.

interface GetOrganizationPolicyResult

A collection of values returned by getOrganizationPolicy.

property booleanPolicies

booleanPolicies: {
    enforced: boolean;
}[];

property constraint

constraint: string;

property etag

etag: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property listPolicies

listPolicies: {
    allows: {
        all: boolean;
        values: string[];
    }[];
    denies: {
        all: boolean;
        values: string[];
    }[];
    inheritFromParent: boolean;
    suggestedValue: string;
}[];

property project

project: string;

property restorePolicies

restorePolicies: {
    default: boolean;
}[];

property updateTime

updateTime: string;

property version

version: number;

interface GetProjectArgs

A collection of arguments for invoking getProject.

property filter

filter: string;

A string filter as defined in the REST API.

interface GetProjectResult

A collection of values returned by getProject.

property filter

filter: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property projects

projects: {
    projectId: string;
}[];

A list of projects matching the provided filter. Structure is defined below.

interface IAMAuditConfigArgs

The set of arguments for constructing a IAMAuditConfig resource.

property auditLogConfigs

auditLogConfigs: pulumi.Input<pulumi.Input<{
    exemptedMembers: pulumi.Input<pulumi.Input<string>[]>;
    logType: pulumi.Input<string>;
}>[]>;

property project

project?: pulumi.Input<string>;

property service

service: pulumi.Input<string>;

interface IAMAuditConfigState

Input properties used for looking up and filtering IAMAuditConfig resources.

property auditLogConfigs

auditLogConfigs?: pulumi.Input<pulumi.Input<{
    exemptedMembers: pulumi.Input<pulumi.Input<string>[]>;
    logType: pulumi.Input<string>;
}>[]>;

property etag

etag?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

property service

service?: pulumi.Input<string>;

interface IAMBindingArgs

The set of arguments for constructing a IAMBinding resource.

property members

property project

project?: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMBindingState

Input properties used for looking up and filtering IAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property members

property project

project?: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMCustomRoleArgs

The set of arguments for constructing a IAMCustomRole resource.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property permissions

permissions: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

project?: pulumi.Input<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

roleId: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title: pulumi.Input<string>;

A human-readable title for the role.

interface IAMCustomRoleState

Input properties used for looking up and filtering IAMCustomRole resources.

property deleted

deleted?: pulumi.Input<boolean>;

(Optional) The current deleted state of the role.

property description

description?: pulumi.Input<string>;

A human-readable description for the role.

property permissions

permissions?: pulumi.Input<pulumi.Input<string>[]>;

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

property project

project?: pulumi.Input<string>;

The project that the service account will be created in. Defaults to the provider project configuration.

property roleId

roleId?: pulumi.Input<string>;

The role id to use for this role.

property stage

stage?: pulumi.Input<string>;

The current launch stage of the role. Defaults to GA. List of possible stages is here.

property title

title?: pulumi.Input<string>;

A human-readable title for the role.

interface IAMMemberArgs

The set of arguments for constructing a IAMMember resource.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMMemberState

Input properties used for looking up and filtering IAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface IAMPolicyArgs

The set of arguments for constructing a IAMPolicy resource.

property policyData

policyData: pulumi.Input<string>;

The google_iam_policy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

project: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

interface IAMPolicyState

Input properties used for looking up and filtering IAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property policyData

policyData?: pulumi.Input<string>;

The google_iam_policy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

property project

project?: pulumi.Input<string>;

The project ID. If not specified for google_project_iam_binding or google_project_iam_member, uses the ID of the project configured with the provider. Required for google_project_iam_policy - you must explicitly set the project, and it will not be inferred from the provider.

interface OrganizationPolicyArgs

The set of arguments for constructing a OrganizationPolicy resource.

property booleanPolicy

booleanPolicy?: pulumi.Input<{
    enforced: pulumi.Input<boolean>;
}>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property listPolicy

listPolicy?: pulumi.Input<{
    allow: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    deny: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    inheritFromParent: pulumi.Input<boolean>;
    suggestedValue: pulumi.Input<string>;
}>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

project: pulumi.Input<string>;

The project id of the project to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<{
    default: pulumi.Input<boolean>;
}>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface OrganizationPolicyState

Input properties used for looking up and filtering OrganizationPolicy resources.

property booleanPolicy

booleanPolicy?: pulumi.Input<{
    enforced: pulumi.Input<boolean>;
}>;

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

property constraint

constraint?: pulumi.Input<string>;

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

property listPolicy

listPolicy?: pulumi.Input<{
    allow: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    deny: pulumi.Input<{
        all: pulumi.Input<boolean>;
        values: pulumi.Input<pulumi.Input<string>[]>;
    }>;
    inheritFromParent: pulumi.Input<boolean>;
    suggestedValue: pulumi.Input<string>;
}>;

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

property project

project?: pulumi.Input<string>;

The project id of the project to set the policy for.

property restorePolicy

restorePolicy?: pulumi.Input<{
    default: pulumi.Input<boolean>;
}>;

A restore policy is a constraint to restore the default policy. Structure is documented below.

property updateTime

updateTime?: pulumi.Input<string>;

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

property version

version?: pulumi.Input<number>;

Version of the Policy. Default version is 0.

interface ServiceArgs

The set of arguments for constructing a Service resource.

property disableDependentServices

disableDependentServices?: pulumi.Input<boolean>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

If true, disable the service when the terraform resource is destroyed. Defaults to true. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.

property project

project?: pulumi.Input<string>;

The project ID. If not provided, the provider project is used.

property service

service: pulumi.Input<string>;

The service to enable.

interface ServiceState

Input properties used for looking up and filtering Service resources.

property disableDependentServices

disableDependentServices?: pulumi.Input<boolean>;

If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

If true, disable the service when the terraform resource is destroyed. Defaults to true. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.

property project

project?: pulumi.Input<string>;

The project ID. If not provided, the provider project is used.

property service

service?: pulumi.Input<string>;

The service to enable.

interface ServicesArgs

The set of arguments for constructing a Services resource.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

property project

project?: pulumi.Input<string>;

The project ID. Changing this forces Terraform to attempt to disable all previously managed API services in the previous project.

property services

services: pulumi.Input<pulumi.Input<string>[]>;

The list of services that are enabled. Supports update.

interface ServicesState

Input properties used for looking up and filtering Services resources.

property disableOnDestroy

disableOnDestroy?: pulumi.Input<boolean>;

property project

project?: pulumi.Input<string>;

The project ID. Changing this forces Terraform to attempt to disable all previously managed API services in the previous project.

property services

services?: pulumi.Input<pulumi.Input<string>[]>;

The list of services that are enabled. Supports update.

interface UsageExportBucketArgs

The set of arguments for constructing a UsageExportBucket resource.

property bucketName

bucketName: pulumi.Input<string>;

property prefix

prefix?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

interface UsageExportBucketState

Input properties used for looking up and filtering UsageExportBucket resources.

property bucketName

bucketName?: pulumi.Input<string>;

property prefix

prefix?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;