projects

class pulumi_gcp.projects.IAMBinding(resource_name, opts=None, members=None, project=None, role=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • members (pulumi.Input[list])
  • project (pulumi.Input[str]) – The project ID. If not specified, uses the ID of the project configured with the provider.
  • role (pulumi.Input[str]) – The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
etag = None

(Computed) The etag of the project’s IAM policy.

project = None

The project ID. If not specified, uses the ID of the project configured with the provider.

role = None

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.IAMCustomRole(resource_name, opts=None, deleted=None, description=None, permissions=None, project=None, role_id=None, stage=None, title=None, __name__=None, __opts__=None)

Allows management of a customized Cloud IAM project role. For more information see the official documentation and API.

Warning: Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise from this and how roles are propagated. 1) Creating a role may involve undeleting and then updating a role with the same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all by Terraform, and new roles cannot share that name.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • deleted (pulumi.Input[bool])
  • description (pulumi.Input[str]) – A human-readable description for the role.
  • permissions (pulumi.Input[list]) – The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
  • project (pulumi.Input[str]) – The project that the service account will be created in. Defaults to the provider project configuration.
  • role_id (pulumi.Input[str]) – The role id to use for this role.
  • stage (pulumi.Input[str]) – The current launch stage of the role. Defaults to GA. List of possible stages is here.
  • title (pulumi.Input[str]) – A human-readable title for the role.
description = None

A human-readable description for the role.

permissions = None

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

project = None

The project that the service account will be created in. Defaults to the provider project configuration.

role_id = None

The role id to use for this role.

stage = None

The current launch stage of the role. Defaults to GA. List of possible stages is here.

title = None

A human-readable title for the role.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.IAMMember(resource_name, opts=None, member=None, project=None, role=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • member (pulumi.Input[str])
  • project (pulumi.Input[str]) – The project ID. If not specified, uses the ID of the project configured with the provider.
  • role (pulumi.Input[str]) – The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.
etag = None

(Computed) The etag of the project’s IAM policy.

project = None

The project ID. If not specified, uses the ID of the project configured with the provider.

role = None

The role that should be applied. Only one google_project_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.IAMPolicy(resource_name, opts=None, authoritative=None, disable_project=None, policy_data=None, project=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

  • google_project_iam_policy: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.
  • google_project_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
  • google_project_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.

Note: google_project_iam_policy cannot be used in conjunction with google_project_iam_binding and google_project_iam_member or they will fight over what your policy should be.

Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.
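
The two notes above, as an added example that is not part of the pulumi_gcp documentation or provider code: a simplified Python model of the three write semantics (whole-policy replace, per-role replace, single-member add) and a check that flags the combinations the notes say must not be declared together. Resource names, project IDs, members and the `kind` labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed declarations with hypothetical names; "kind" is a label used by
# this sketch to stand for IAMPolicy / IAMBinding / IAMMember.
DECLARED = [
    {"kind": "binding", "name": "editors", "project": "demo-proj",
     "role": "roles/editor", "members": ["user:alice@example.com"]},
    {"kind": "member", "name": "bob-editor", "project": "demo-proj",
     "role": "roles/editor", "member": "user:bob@example.com"},
    {"kind": "member", "name": "carol-viewer", "project": "demo-proj",
     "role": "roles/viewer", "member": "user:carol@example.com"},
    {"kind": "policy", "name": "full-policy", "project": "legacy-proj",
     "bindings": {"roles/owner": ["user:admin@example.com"]}},
    {"kind": "member", "name": "dave-viewer", "project": "legacy-proj",
     "role": "roles/viewer", "member": "user:dave@example.com"},
]


def apply_resource(policy, res):
    """Return the role -> members policy after one resource writes to it."""
    new = {role: set(members) for role, members in policy.items()}
    if res["kind"] == "policy":      # authoritative: replaces the whole policy
        new = {role: set(m) for role, m in res["bindings"].items()}
    elif res["kind"] == "binding":   # authoritative for this one role only
        new[res["role"]] = set(res["members"])
    elif res["kind"] == "member":    # non-authoritative: adds a single member
        new.setdefault(res["role"], set()).add(res["member"])
    else:
        raise ValueError("unknown kind: %r" % res["kind"])
    return new


def replay(resources, start=None):
    """Apply resources in order, as successive updates would."""
    policy = dict(start or {})
    for res in resources:
        policy = apply_resource(policy, res)
    return policy


def find_conflicts(resources):
    """Flag the combinations the two notes say must not be declared together."""
    per_project = defaultdict(lambda: {"policy": [], "binding": defaultdict(list),
                                       "member": defaultdict(list)})
    for res in resources:
        slot = per_project[res["project"]]
        if res["kind"] == "policy":
            slot["policy"].append(res["name"])
        else:
            slot[res["kind"]][res["role"]].append(res["name"])
    findings = []
    for project, slot in sorted(per_project.items()):
        granular = sorted(name for kind in ("binding", "member")
                          for names in slot[kind].values() for name in names)
        if slot["policy"] and granular:
            findings.append((project, "policy-vs-granular",
                             sorted(slot["policy"]) + granular))
        for role, names in sorted(slot["binding"].items()):
            if len(names) > 1:       # "only one binding can be used per role"
                findings.append((project, "duplicate-binding:" + role, sorted(names)))
            if role in slot["member"]:
                findings.append((project, "binding-vs-member:" + role,
                                 sorted(names + slot["member"][role])))
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(DECLARED):
        print(finding)
```

Replaying the `demo-proj` resources and then the binding again shows why the combination is flagged: the member added to `roles/editor` disappears whenever the binding is re-applied, so access flips depending on which resource wrote last.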

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • authoritative (pulumi.Input[bool]) – (Optional, only for google_project_iam_policy) A boolean value indicating if this policy should overwrite any existing IAM policy on the project. When set to true, any policies not in your config file will be removed. This can lock you out of your project until an Organization Administrator grants you access again, so please exercise caution. If this argument is true and you want to delete the resource, you must set the disable_project argument to true, acknowledging that the project will be inaccessible to anyone but the Organization Admins, as it will no longer have an IAM policy. Rather than using this, you should use google_project_iam_binding and google_project_iam_member.
  • disable_project (pulumi.Input[bool]) – (Optional, only for google_project_iam_policy) A boolean value that must be set to true if you want to delete a google_project_iam_policy that is authoritative.
  • policy_data (pulumi.Input[str]) – The google_iam_policy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.
  • project (pulumi.Input[str]) – The project ID. If not specified, uses the ID of the project configured with the provider.
authoritative = None

(Optional, only for google_project_iam_policy) A boolean value indicating if this policy should overwrite any existing IAM policy on the project. When set to true, any policies not in your config file will be removed. This can lock you out of your project until an Organization Administrator grants you access again, so please exercise caution. If this argument is true and you want to delete the resource, you must set the disable_project argument to true, acknowledging that the project will be inaccessible to anyone but the Organization Admins, as it will no longer have an IAM policy. Rather than using this, you should use google_project_iam_binding and google_project_iam_member.

disable_project = None

(Optional, only for google_project_iam_policy) A boolean value that must be set to true if you want to delete a google_project_iam_policy that is authoritative.

etag = None

(Computed) The etag of the project’s IAM policy.

policy_data = None

The google_iam_policy data source that represents the IAM policy that will be applied to the project. The policy will be merged with any existing policy applied to the project.

project = None

The project ID. If not specified, uses the ID of the project configured with the provider.

restore_policy = None

(DEPRECATED) (Computed, only for google_project_iam_policy) The IAM policy that will be restored when a non-authoritative policy resource is deleted.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.OrganizationPolicy(resource_name, opts=None, boolean_policy=None, constraint=None, list_policy=None, project=None, restore_policy=None, version=None, __name__=None, __opts__=None)

Allows management of Organization policies for a Google Project. For more information see the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • boolean_policy (pulumi.Input[dict]) – A boolean policy is a constraint that is either enforced or not. Structure is documented below.
  • constraint (pulumi.Input[str]) – The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.
  • list_policy (pulumi.Input[dict]) – A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
  • project (pulumi.Input[str]) – The project id of the project to set the policy for.
  • restore_policy (pulumi.Input[dict]) – A restore policy is a constraint to restore the default policy. Structure is documented below.
  • version (pulumi.Input[int]) – Version of the Policy. Default version is 0.
boolean_policy = None

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

constraint = None

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

etag = None

(Computed) The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

list_policy = None

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

project = None

The project id of the project to set the policy for.

restore_policy = None

A restore policy is a constraint to restore the default policy. Structure is documented below.

update_time = None

(Computed) The timestamp in RFC3339 UTC “Zulu” format, accurate to nanoseconds, representing when the variable was last updated. Example: “2016-10-09T12:33:37.578138407Z”.

version = None

Version of the Policy. Default version is 0.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.Service(resource_name, opts=None, disable_on_destroy=None, project=None, service=None, __name__=None, __opts__=None)

Allows management of a single API service for an existing Google Cloud Platform project.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource must not be used in conjunction with google_project_services or they will fight over which services should be enabled.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • disable_on_destroy (pulumi.Input[bool]) – If true, disable the service when the terraform resource is destroyed. Defaults to true. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.
  • project (pulumi.Input[str]) – The project ID. If not provided, the provider project is used.
  • service (pulumi.Input[str]) – The service to enable.
disable_on_destroy = None

If true, disable the service when the terraform resource is destroyed. Defaults to true. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.

project = None

The project ID. If not provided, the provider project is used.

service = None

The service to enable.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.Services(resource_name, opts=None, disable_on_destroy=None, project=None, services=None, __name__=None, __opts__=None)

Allows management of enabled API services for an existing Google Cloud Platform project. Services in an existing project that are not defined in the config will be removed.

For a list of services available, visit the API library page or run gcloud services list.

Note: This resource attempts to be the authoritative source on all enabled APIs, which often leads to conflicts when certain actions enable other APIs. If you do not need to ensure that exclusively a particular set of APIs are enabled, you should most likely use the google_project_service resource, one resource per API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • disable_on_destroy (pulumi.Input[bool])
  • project (pulumi.Input[str]) – The project ID. Changing this forces Terraform to attempt to disable all previously managed API services in the previous project.
  • services (pulumi.Input[list]) – The list of services that are enabled. Supports update.
project = None

The project ID. Changing this forces Terraform to attempt to disable all previously managed API services in the previous project.

services = None

The list of services that are enabled. Supports update.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.projects.UsageExportBucket(resource_name, opts=None, bucket_name=None, prefix=None, project=None, __name__=None, __opts__=None)

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.

Note that prior to 0.8.5, google_project functioned like a data source, meaning any project referenced by it had to be created and managed outside Terraform. As of 0.8.5, google_project functions like any other Terraform resource, with Terraform creating and managing the project. To replicate the old behavior, either:

  • Use the project ID directly in whatever is referencing the project, using the google_project_iam_policy to replace the old policy_data property.
  • Use the import functionality to import your pre-existing project into Terraform, where it can be referenced and used just like always, keeping in mind that Terraform will attempt to undo any changes made outside Terraform.

It’s important to note that any project resources that were added to your Terraform config prior to 0.8.5 will continue to function as they always have, and will not be managed by Terraform. Only newly added projects are affected.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket_name (pulumi.Input[str])
  • prefix (pulumi.Input[str])
  • project (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str