import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * An IAM Principal Access Boundary Policy resource. This resource has no effect on accesses until is bound to a target through policy bindings. * You can see further documentation on policy bindings in: * - [Organizations](https://www.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_organizations_policy_binding) * - [Folders](https://www.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_folders_policy_binding) * - [Projects](https://www.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_projects_policy_binding) * * To get more information about PrincipalAccessBoundaryPolicy, see: * * * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.principalAccessBoundaryPolicies) * * How-to Guides * * [Create and apply Principal Access Boundaries](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create) * * ## Example Usage * * ### Iam Principal Access Boundary Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const pab_policy_for_org = new gcp.iam.PrincipalAccessBoundaryPolicy("pab-policy-for-org", { * organization: "123456789", * location: "global", * displayName: "PAB policy for Organization", * principalAccessBoundaryPolicyId: "pab-policy-for-org", * }); * ``` * ### Iam Organizations Policy Binding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as time from "@pulumiverse/time"; * * const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", { * organization: "123456789", * location: "global", * displayName: "Binding for all principals in the Organization", * principalAccessBoundaryPolicyId: "my-pab-policy", * }); * const wait60Seconds = new time.Sleep("wait_60_seconds", {createDuration: "60s"}, { * dependsOn: [pabPolicy], * }); * const my_pab_policy = new gcp.iam.OrganizationsPolicyBinding("my-pab-policy", { * organization: "123456789", * location: "global", * displayName: "Binding for all principals in the Organization", * policyKind: "PRINCIPAL_ACCESS_BOUNDARY", * policyBindingId: "binding-for-all-org-principals", * policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`, * target: { * principalSet: "//cloudresourcemanager.googleapis.com/organizations/123456789", * }, * }, { * dependsOn: [wait60Seconds], * }); * ``` * * ## Import * * PrincipalAccessBoundaryPolicy can be imported using any of these accepted formats: * * * `organizations/{{organization}}/locations/{{location}}/principalAccessBoundaryPolicies/{{principal_access_boundary_policy_id}}` * * `{{organization}}/{{location}}/{{principal_access_boundary_policy_id}}` * * When using the `pulumi import` command, PrincipalAccessBoundaryPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:iam/principalAccessBoundaryPolicy:PrincipalAccessBoundaryPolicy default organizations/{{organization}}/locations/{{location}}/principalAccessBoundaryPolicies/{{principal_access_boundary_policy_id}} * $ pulumi import gcp:iam/principalAccessBoundaryPolicy:PrincipalAccessBoundaryPolicy default {{organization}}/{{location}}/{{principal_access_boundary_policy_id}} * ``` */ export declare class PrincipalAccessBoundaryPolicy extends pulumi.CustomResource { /** * Get an existing PrincipalAccessBoundaryPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: PrincipalAccessBoundaryPolicyState, opts?: pulumi.CustomResourceOptions): PrincipalAccessBoundaryPolicy; /** * Returns true if the given object is an instance of PrincipalAccessBoundaryPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is PrincipalAccessBoundaryPolicy; /** * User defined annotations. See https://google.aip.dev/148#annotations * for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ readonly annotations: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Output only. The time when the principal access boundary policy was created. */ readonly createTime: pulumi.Output; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output; /** * Principal access boundary policy details * Structure is documented below. */ readonly details: pulumi.Output; /** * The description of the principal access boundary policy. Must be less than or equal to 63 characters. */ readonly displayName: pulumi.Output; /** * All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. */ readonly effectiveAnnotations: pulumi.Output<{ [key: string]: string; }>; /** * The etag for the principal access boundary. If this is provided on update, it must match the server's etag. */ readonly etag: pulumi.Output; /** * The location the principal access boundary policy is in. */ readonly location: pulumi.Output; /** * Identifier. The resource name of the principal access boundary policy. The following format is supported: * `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}` */ readonly name: pulumi.Output; /** * The parent organization of the principal access boundary policy. */ readonly organization: pulumi.Output; /** * The ID to use to create the principal access boundary policy. * This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. */ readonly principalAccessBoundaryPolicyId: pulumi.Output; /** * Output only. The globally unique ID of the principal access boundary policy. */ readonly uid: pulumi.Output; /** * Output only. The time when the principal access boundary policy was most recently updated. */ readonly updateTime: pulumi.Output; /** * Create a PrincipalAccessBoundaryPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: PrincipalAccessBoundaryPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering PrincipalAccessBoundaryPolicy resources. */ export interface PrincipalAccessBoundaryPolicyState { /** * User defined annotations. See https://google.aip.dev/148#annotations * for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Output only. The time when the principal access boundary policy was created. */ createTime?: pulumi.Input; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * Principal access boundary policy details * Structure is documented below. */ details?: pulumi.Input; /** * The description of the principal access boundary policy. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input; /** * All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. */ effectiveAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * The etag for the principal access boundary. If this is provided on update, it must match the server's etag. */ etag?: pulumi.Input; /** * The location the principal access boundary policy is in. */ location?: pulumi.Input; /** * Identifier. The resource name of the principal access boundary policy. The following format is supported: * `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}` */ name?: pulumi.Input; /** * The parent organization of the principal access boundary policy. */ organization?: pulumi.Input; /** * The ID to use to create the principal access boundary policy. * This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. */ principalAccessBoundaryPolicyId?: pulumi.Input; /** * Output only. The globally unique ID of the principal access boundary policy. */ uid?: pulumi.Input; /** * Output only. The time when the principal access boundary policy was most recently updated. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a PrincipalAccessBoundaryPolicy resource. */ export interface PrincipalAccessBoundaryPolicyArgs { /** * User defined annotations. See https://google.aip.dev/148#annotations * for more details such as format and size limitations * * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * Principal access boundary policy details * Structure is documented below. */ details?: pulumi.Input; /** * The description of the principal access boundary policy. Must be less than or equal to 63 characters. */ displayName?: pulumi.Input; /** * The location the principal access boundary policy is in. */ location: pulumi.Input; /** * The parent organization of the principal access boundary policy. */ organization: pulumi.Input; /** * The ID to use to create the principal access boundary policy. * This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. */ principalAccessBoundaryPolicyId: pulumi.Input; } //# sourceMappingURL=principalAccessBoundaryPolicy.d.ts.map