---
layout: "google"
page_title: "Google: google_project_iam_policy"
sidebar_current: "docs-google-project-iam-policy"
description: |-
  Allows management of an IAM policy for a Google Cloud Platform project.
---

# google\_project\_iam\_policy

Allows creation and management of an IAM policy for an existing Google Cloud
Platform project.

~> **Be careful!** You can accidentally lock yourself out of your project
   using this resource. Proceed with caution.

## Example Usage

```hcl
resource "google_project_iam_policy" "project" {
  project     = "your-project-id"
  policy_data = "${data.google_iam_policy.admin.policy_data}"
}

data "google_iam_policy" "admin" {
  binding {
    role = "roles/editor"

    members = [
      "user:jane@example.com",
    ]
  }
}
```

## Argument Reference

The following arguments are supported:

* `project` - (Required) The project ID.
    Changing this forces a new resource to be created.

* `policy_data` - (Required) The `google_iam_policy` data source that represents
    the IAM policy that will be applied to the project. The policy will be
    merged with any existing policy applied to the project.

    Changing this updates the policy.

    Deleting this removes the policy, but leaves the original project policy
    intact. If there are overlapping `binding` entries between the original
    project policy and the data source policy, they will be removed.

* `authoritative` - (DEPRECATED) (Optional) A boolean value indicating if this policy
    should overwrite any existing IAM policy on the project. When set to true,
    **any policies not in your config file will be removed**. This can **lock
    you out** of your project until an Organization Administrator grants you
    access again, so please exercise caution. If this argument is `true` and you
    want to delete the resource, you must set the `disable_project` argument to
    `true`, acknowledging that the project will be inaccessible to anyone but the
    Organization Admins, as it will no longer have an IAM policy. Rather than using
    this, you should use `google_project_iam_policy_binding` and
    `google_project_iam_policy_member`.

* `disable_project` - (DEPRECATED) (Optional) A boolean value that must be set to `true`
    if you want to delete a `google_project_iam_policy` that is authoritative.

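The difference between the merged and the authoritative behaviour described above can be checked before an apply. The following Python check is an added example, not part of the original documentation or of the provider's code; the function names, the `POLICY_ADMIN_ROLES` set and both sample policies are assumptions constructed for illustration.

```python
"""Pre-apply check: what would an authoritative policy remove from a project?"""

# Roles assumed here to allow editing the project's IAM policy (adjust for your org).
POLICY_ADMIN_ROLES = {"roles/owner", "roles/resourcemanager.projectIamAdmin"}


def grants(policy):
    """Flatten a policy document into a set of (role, member) pairs."""
    return {
        (b["role"], m)
        for b in policy.get("bindings", [])
        for m in b.get("members", [])
    }


def merged(existing, desired):
    """Non-authoritative behaviour: desired bindings are added to existing ones."""
    return grants(existing) | grants(desired)


def removed_by_overwrite(existing, desired):
    """Authoritative behaviour: every grant absent from the config is removed."""
    return grants(existing) - grants(desired)


def locks_out(operator, existing, desired):
    """True if `operator` can edit the IAM policy now but not after an overwrite.

    Only direct grants are compared; access inherited through groups or from
    the folder/organization level is not visible in the project policy.
    """
    def is_admin(pairs):
        return any(r in POLICY_ADMIN_ROLES and m == operator for r, m in pairs)
    return is_admin(grants(existing)) and not is_admin(grants(desired))


# Constructed sample: shape of `gcloud projects get-iam-policy --format=json` output.
EXISTING = {"bindings": [
    {"role": "roles/owner", "members": ["user:ops@example.com"]},
    {"role": "roles/viewer", "members": ["group:audit@example.com"]},
]}
# The policy from the page's example: jane as editor, nothing else.
DESIRED = {"bindings": [
    {"role": "roles/editor", "members": ["user:jane@example.com"]},
]}

if __name__ == "__main__":
    for role, member in sorted(removed_by_overwrite(EXISTING, DESIRED)):
        print(f"would remove {member} from {role}")
    print("operator locked out:", locks_out("user:ops@example.com", EXISTING, DESIRED))
```
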
## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `etag` - (Computed) The etag of the project's IAM policy.

* `restore_policy` - (DEPRECATED) (Computed) The IAM policy that will be restored when a
    non-authoritative policy resource is deleted.

## Import

IAM policy imports use the identifier of the resource in question. This policy resource can be imported using the `project_id`, e.g.

```
$ terraform import google_project_iam_policy.my_project your-project-id
```