organizations

class pulumi_gcp.organizations.Folder(resource_name, opts=None, display_name=None, parent=None, __name__=None, __opts__=None)

Allows management of a Google Cloud Platform folder. For more information see the official documentation and API.

A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

Folders created live inside an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_folder resource must have roles/resourcemanager.folderCreator. See the Access Control for Folders Using IAM doc for more information.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • display_name (pulumi.Input[str]) – The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.
  • parent (pulumi.Input[str]) – The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.
create_time = None

Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

display_name = None

The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

lifecycle_state = None

The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.

name = None

The resource name of the Folder. Its format is folders/{folder_id}.

parent = None

The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.GetActiveFolderResult(name=None, id=None)

A collection of values returned by getActiveFolder.

name = None

The resource name of the Folder. This uniquely identifies the folder.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetBillingAccountResult(display_name=None, name=None, open=None, project_ids=None, id=None)

A collection of values returned by getBillingAccount.

name = None

The resource name of the billing account in the form billingAccounts/{billing_account_id}.

project_ids = None

The IDs of any projects associated with the billing account.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetClientConfigResult(access_token=None, project=None, region=None, id=None)

A collection of values returned by getClientConfig.

access_token = None

The OAuth2 access token used by the client to authenticate against the Google Cloud API.

project = None

The ID of the project to apply any resources to.

region = None

The region to operate under.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetFolderResult(create_time=None, display_name=None, lifecycle_state=None, name=None, organization=None, parent=None, id=None)

A collection of values returned by getFolder.

create_time = None

Timestamp when the Organization was created. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

display_name = None

The folder’s display name.

lifecycle_state = None

The Folder’s current lifecycle state.

name = None

The resource name of the Folder in the form folders/{organization_id}.

organization = None

If lookup_organization is enabled, the resource name of the Organization that the folder belongs to.

parent = None

The resource name of the parent Folder or Organization.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetIAMPolicyResult(policy_data=None, id=None)

A collection of values returned by getIAMPolicy.

policy_data = None

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetOrganizationResult(create_time=None, directory_customer_id=None, domain=None, lifecycle_state=None, name=None, id=None)

A collection of values returned by getOrganization.

create_time = None

Timestamp when the Organization was created. A timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds. Example: “2014-10-02T15:01:23.045123456Z”.

directory_customer_id = None

The Google for Work customer ID of the Organization.

lifecycle_state = None

The Organization’s current lifecycle state.

name = None

The resource name of the Organization in the form organizations/{organization_id}.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetProjectResult(app_engines=None, auto_create_network=None, billing_account=None, folder_id=None, labels=None, name=None, number=None, org_id=None, policy_data=None, policy_etag=None, skip_delete=None, id=None)

A collection of values returned by getProject.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.GetProjectServicesResult(disable_on_destroy=None, services=None, id=None)

A collection of values returned by getProjectServices.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.organizations.IAMBinding(resource_name, opts=None, members=None, org_id=None, role=None, __name__=None, __opts__=None)

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform Organization.

Note: This resource must not be used in conjunction with google_organization_iam_member for the same role or they will fight over what your policy should be.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • members (pulumi.Input[list]) – A list of users that the role should apply to.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization in which you want to create a custom role.
  • role (pulumi.Input[str]) – The role that should be applied. Only one google_organization_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
etag = None

(Computed) The etag of the organization’s IAM policy.

members = None

A list of users that the role should apply to.

org_id = None

The numeric ID of the organization in which you want to create a custom role.

role = None

The role that should be applied. Only one google_organization_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.IAMCustomRole(resource_name, opts=None, deleted=None, description=None, org_id=None, permissions=None, role_id=None, stage=None, title=None, __name__=None, __opts__=None)

Allows management of a customized Cloud IAM organization role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) Creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by Terraform, and new roles cannot share that name.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • deleted (pulumi.Input[bool]) – The current deleted state of the role. Defaults to false.
  • description (pulumi.Input[str]) – A human-readable description for the role.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization in which you want to create a custom role.
  • permissions (pulumi.Input[list]) – The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
  • role_id (pulumi.Input[str]) – The role id to use for this role.
  • stage (pulumi.Input[str]) – The current launch stage of the role. Defaults to GA. List of possible stages is here.
  • title (pulumi.Input[str]) – A human-readable title for the role.
deleted = None

The current deleted state of the role. Defaults to false.

description = None

A human-readable description for the role.

org_id = None

The numeric ID of the organization in which you want to create a custom role.

permissions = None

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

role_id = None

The role id to use for this role.

stage = None

The current launch stage of the role. Defaults to GA. List of possible stages is here.

title = None

A human-readable title for the role.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.IAMMember(resource_name, opts=None, member=None, org_id=None, role=None, __name__=None, __opts__=None)

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud Platform Organization.

Note: This resource must not be used in conjunction with google_organization_iam_binding for the same role or they will fight over what your policy should be.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • member (pulumi.Input[str]) – The user that the role should apply to.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization in which you want to create a custom role.
  • role (pulumi.Input[str]) – The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
etag = None

(Computed) The etag of the organization’s IAM policy.

member = None

The user that the role should apply to.

org_id = None

The numeric ID of the organization in which you want to create a custom role.

role = None

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
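The notes on IAMBinding and IAMMember rule out mixing the two for the same role, and allow only one binding per role. The following added example (not part of the Pulumi or Terraform documentation) checks a list of planned resources against those two rules before deployment; the record layout, resource names, organization IDs and members are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of planned resources. The record layout is hypothetical;
# "kind" mirrors the class names documented on this page.
PLANNED = [
    {"kind": "IAMBinding", "name": "viewers", "org_id": "123456789",
     "role": "roles/viewer", "members": ["group:sec@example.com"]},
    {"kind": "IAMMember", "name": "extra-viewer", "org_id": "123456789",
     "role": "roles/viewer", "member": "user:bob@example.com"},
    {"kind": "IAMBinding", "name": "viewers-2", "org_id": "123456789",
     "role": "roles/viewer", "members": ["group:sec@example.com"]},
    {"kind": "IAMMember", "name": "browser-a", "org_id": "123456789",
     "role": "roles/browser", "member": "user:carol@example.com"},
    {"kind": "IAMMember", "name": "browser-b", "org_id": "123456789",
     "role": "roles/browser", "member": "user:dave@example.com"},
    {"kind": "IAMBinding", "name": "other-org-viewers", "org_id": "987654321",
     "role": "roles/viewer", "members": ["group:ops@example.com"]},
]


def find_conflicts(resources):
    """Return one finding per rule violation, keyed by (org_id, role)."""
    grouped = defaultdict(lambda: {"IAMBinding": [], "IAMMember": []})
    for res in resources:
        if res["kind"] in ("IAMBinding", "IAMMember"):
            grouped[(res["org_id"], res["role"])][res["kind"]].append(res)

    findings = []
    for (org_id, role), kinds in sorted(grouped.items()):
        bindings, members = kinds["IAMBinding"], kinds["IAMMember"]
        if len(bindings) > 1:
            # Only one binding resource may manage a given role.
            findings.append({
                "org_id": org_id, "role": role, "rule": "duplicate-binding",
                "resources": sorted(b["name"] for b in bindings),
            })
        if bindings and members:
            # Members granted individually but absent from the binding's
            # list are the grants the two resources would fight over.
            listed = {m for b in bindings for m in b["members"]}
            findings.append({
                "org_id": org_id, "role": role, "rule": "binding-and-member",
                "resources": sorted(r["name"] for r in bindings + members),
                "contested_members": sorted(
                    {m["member"] for m in members} - listed),
            })
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(PLANNED):
        print(finding)
```

Several IAMMember resources for the same role, as with roles/browser in the sample, are not flagged, and the same role in a different organization is tracked separately.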

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.IAMPolicy(resource_name, opts=None, org_id=None, policy_data=None, __name__=None, __opts__=None)

Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.

Warning: New organizations have several default policies which will, without extreme caution, be overwritten by use of this resource. The safest alternative is to use multiple google_organization_iam_binding resources. It is easy to use this resource to remove your own access to an organization, which will require a call to Google Support to have fixed, and can take multiple days to resolve. If you do use this resource, the best way to be sure that you are not making dangerous changes is to start by importing your existing policy, and examining the diff very closely.

Note: This resource must not be used in conjunction with google_organization_iam_member or google_organization_iam_binding or they will fight over what your policy should be.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization in which you want to create a custom role.
  • policy_data (pulumi.Input[str]) – The google_iam_policy data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
org_id = None

The numeric ID of the organization in which you want to create a custom role.

policy_data = None

The google_iam_policy data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
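The warning on this class recommends importing the existing policy and examining the diff closely, because policy_data replaces whatever is on the organization. The following added example (not part of the Pulumi or Terraform documentation) performs that comparison offline on two IAM policy JSON documents and flags lockout conditions. The sample policies, the operator identity and the CRITICAL_ROLES watch list are constructed assumptions, and policy_data is assumed to be JSON with a "bindings" list of role/members entries.

```python
import json

# Constructed sample: the policy currently on the organization (as imported).
CURRENT_POLICY = json.dumps({"bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:alice@example.com"]},
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["domain:example.com"]},
    {"role": "roles/billing.creator", "members": ["domain:example.com"]},
]})

# Constructed sample: the policy_data about to be applied with IAMPolicy.
PROPOSED_POLICY = json.dumps({"bindings": [
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["group:platform@example.com"]},
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
]})

# Assumed watch list: roles that must never end up with zero members.
CRITICAL_ROLES = {"roles/resourcemanager.organizationAdmin"}


def index_bindings(policy_json):
    """Map each role to the set of members bound to it."""
    index = {}
    for binding in json.loads(policy_json).get("bindings", []):
        index.setdefault(binding["role"], set()).update(
            binding.get("members", []))
    return index


def diff_policies(current_json, proposed_json):
    """Return the grants the proposed policy removes and adds, per role."""
    current = index_bindings(current_json)
    proposed = index_bindings(proposed_json)
    removed, added = {}, {}
    for role in sorted(set(current) | set(proposed)):
        gone = current.get(role, set()) - proposed.get(role, set())
        new = proposed.get(role, set()) - current.get(role, set())
        if gone:
            removed[role] = sorted(gone)
        if new:
            added[role] = sorted(new)
    return {"removed": removed, "added": added}


def lockout_findings(current_json, proposed_json, operator):
    """List reasons the proposed policy should not be applied as-is."""
    proposed = index_bindings(proposed_json)
    removed = diff_policies(current_json, proposed_json)["removed"]
    findings = []
    for role, members in removed.items():
        if operator in members:
            findings.append(f"{operator} loses {role}")
        if role in CRITICAL_ROLES and not proposed.get(role):
            findings.append(f"{role} would have no members")
    return findings


if __name__ == "__main__":
    print(json.dumps(diff_policies(CURRENT_POLICY, PROPOSED_POLICY), indent=2))
    for finding in lockout_findings(CURRENT_POLICY, PROPOSED_POLICY,
                                    "user:alice@example.com"):
        print("BLOCK:", finding)
```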

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.Policy(resource_name, opts=None, boolean_policy=None, constraint=None, list_policy=None, org_id=None, restore_policy=None, version=None, __name__=None, __opts__=None)

Allows management of Organization policies for a Google Organization. For more information see the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • boolean_policy (pulumi.Input[dict]) – A boolean policy is a constraint that is either enforced or not. Structure is documented below.
  • constraint (pulumi.Input[str]) – The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.
  • list_policy (pulumi.Input[dict]) – A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization to set the policy for.
  • restore_policy (pulumi.Input[dict]) – A restore policy is a constraint to restore the default policy. Structure is documented below.
  • version (pulumi.Input[int]) – Version of the Policy. Default version is 0.
boolean_policy = None

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

constraint = None

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

etag = None

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

list_policy = None

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

org_id = None

The numeric ID of the organization to set the policy for.

restore_policy = None

A restore policy is a constraint to restore the default policy. Structure is documented below.

update_time = None

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

version = None

Version of the Policy. Default version is 0.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.organizations.Project(resource_name, opts=None, app_engine=None, auto_create_network=None, billing_account=None, folder_id=None, labels=None, name=None, org_id=None, project_id=None, skip_delete=None, __name__=None, __opts__=None)

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.

Note that prior to 0.8.5, google_project functioned like a data source, meaning any project referenced by it had to be created and managed outside Terraform. As of 0.8.5, google_project functions like any other Terraform resource, with Terraform creating and managing the project. To replicate the old behavior, either:

  • Use the project ID directly in whatever is referencing the project, using the google_project_iam_policy to replace the old policy_data property.
  • Use the import functionality to import your pre-existing project into Terraform, where it can be referenced and used just like always, keeping in mind that Terraform will attempt to undo any changes made outside Terraform.
It’s important to note that any project resources that were added to your Terraform config prior to 0.8.5 will continue to function as they always have, and will not be managed by Terraform. Only newly added projects are affected.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • app_engine (pulumi.Input[dict]) – A block of configuration to enable an App Engine app. Setting this field will enable the App Engine Admin API, which is required to manage the app.
  • auto_create_network (pulumi.Input[bool]) – Create the ‘default’ network automatically. Default true. Note: this might be more accurately described as “Delete Default Network”, since the network is created automatically then deleted before project creation returns, but we choose this name to match the GCP Console UI. Setting this field to false will enable the Compute Engine API which is required to delete the network.
  • billing_account (pulumi.Input[str]) – The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.
  • folder_id (pulumi.Input[str]) – The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.
  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the project.
  • name (pulumi.Input[str]) – The display name of the project.
  • org_id (pulumi.Input[str]) – The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.
  • project_id (pulumi.Input[str]) – The project ID. Changing this forces a new project to be created.
  • skip_delete (pulumi.Input[bool]) – If true, the Terraform resource can be deleted without deleting the Project via the Google API.
app_engine = None

A block of configuration to enable an App Engine app. Setting this field will enable the App Engine Admin API, which is required to manage the app.

auto_create_network = None

Create the ‘default’ network automatically. Default true. Note: this might be more accurately described as “Delete Default Network”, since the network is created automatically then deleted before project creation returns, but we choose this name to match the GCP Console UI. Setting this field to false will enable the Compute Engine API which is required to delete the network.

billing_account = None

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.

folder_id = None

The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

labels = None

A set of key/value label pairs to assign to the project.

name = None

The display name of the project.

number = None

The numeric identifier of the project.

org_id = None

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

project_id = None

The project ID. Changing this forces a new project to be created.

skip_delete = None

If true, the Terraform resource can be deleted without deleting the Project via the Google API.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_gcp.organizations.get_active_folder(display_name=None, parent=None)

Get an active folder within GCP by display_name and parent.

pulumi_gcp.organizations.get_billing_account(billing_account=None, display_name=None, open=None)

Use this data source to get information about a Google Billing Account.

pulumi_gcp.organizations.get_client_config()

Use this data source to access the configuration of the Google Cloud provider.

pulumi_gcp.organizations.get_folder(folder=None, lookup_organization=None)

Use this data source to get information about a Google Cloud Folder.

pulumi_gcp.organizations.get_iam_policy(bindings=None)

Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform resources, such as the google_project resource.

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a datasource and referencing that policy from another resource is the only way to apply an IAM policy to a resource.

Note: Several restrictions apply when setting IAM policies through this API. See the setIamPolicy docs for a list of these restrictions.

pulumi_gcp.organizations.get_organization(domain=None, organization=None)

Use this data source to get information about a Google Cloud Organization.

pulumi_gcp.organizations.get_project(project_id=None)

Use this data source to get project details. For more information see the API.

pulumi_gcp.organizations.get_project_services(project=None)

Use this data source to get details on the enabled project services.

For a list of services available, visit the API library page or run gcloud services list.