mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-09-15 23:59:57 +00:00
providers/google: Add documentation for google_iam_policy resource
This commit is contained in:
parent
e0289a462e
commit
34edaf56d6
60
d/google_iam_policy.html.markdown
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
layout: "google"
|
||||||
|
page_title: "Google: google_iam_policy"
|
||||||
|
sidebar_current: "docs-google-datasource-iam-policy"
|
||||||
|
description: |-
|
||||||
|
Generates an IAM policy that can be referenced by other resources, applying
|
||||||
|
the policy to them.
|
||||||
|
---
|
||||||
|
|
||||||
|
# google\_iam\_policy
|
||||||
|
|
||||||
|
Generates an IAM policy document that may be referenced by and applied to
|
||||||
|
other Google Cloud Platform resources, such as the `google_project` resource.
|
||||||
|
|
||||||
|
```
|
||||||
|
data "google_iam_policy" "admin" {
|
||||||
|
binding {
|
||||||
|
role = "roles/compute.instanceAdmin"
|
||||||
|
members = [
|
||||||
|
"serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
binding {
|
||||||
|
role = "roles/storage.objectViewer"
|
||||||
|
members = [
|
||||||
|
"user:evanbrown@google.com",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
This data source is used to define IAM policies to apply to othe resources.
|
||||||
|
Currently, defining a policy through a datasource and referencing that policy
|
||||||
|
from another resource is the only way to apply an IAM policy to a resource.
|
||||||
|
|
||||||
|
## Argument Reference
|
||||||
|
|
||||||
|
The following arguments are supported:
|
||||||
|
|
||||||
|
* `binding` (Required) - A nested configuration block (described below)
|
||||||
|
defining a binding to be included in the policy document. Multiple
|
||||||
|
`binding` arguments are supported.
|
||||||
|
|
||||||
|
Each document configuration must have one or more `binding` blocks, which
|
||||||
|
each accept the following arguments:
|
||||||
|
|
||||||
|
* `role` (Required) - The role/permission that will be granted to the members.
|
||||||
|
See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
|
||||||
|
* `members` (Required) - An array of users/principals that will be granted
|
||||||
|
the privilege in the `role`. For a human user, prefix the user's e-mail
|
||||||
|
address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service
|
||||||
|
account, prefix the service account e-mail address with `serviceAccount:`
|
||||||
|
(e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`).
|
||||||
|
|
||||||
|
## Attributes Reference
|
||||||
|
|
||||||
|
The following attribute is exported:
|
||||||
|
|
||||||
|
* `policy_data` - The above bindings serialized in a format suitable for
|
||||||
|
referencing from a resource that supports IAM.
|
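Review bot: the Attributes Reference at the end of this file exports `policy_data`, but the example added in r/google_project.html.markdown reads the value as `data.google_iam_policy.admin.policy`; one of the two names is wrong, so check it against the data source schema and use the same name in both files. In the same file, `othe resources` should be `other resources`. The example uses `user:evanbrown@google.com` while the `members` text uses `user:evandbrown@gmail.com`; a single placeholder such as `user:jane@example.com` would keep real-looking accounts out of IAM config that readers copy and paste. The IAM Roles link goes to the Compute-specific page although the example also grants `roles/storage.objectViewer`, so it does not back the claim of a complete list of roles. The example would also be easier to find under an `## Example Usage` heading, as the google_project page has.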
61
r/google_project.html.markdown
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
---
|
||||||
|
layout: "google"
|
||||||
|
page_title: "Google: google_project"
|
||||||
|
sidebar_current: "docs-google-project"
|
||||||
|
description: |-
|
||||||
|
Allows management of a Google Cloud Platform project.
|
||||||
|
---
|
||||||
|
|
||||||
|
# google\_project
|
||||||
|
|
||||||
|
Allows management of an existing Google Cloud Platform project, and is
|
||||||
|
currently limited to adding or modifying the IAM Policy for the project.
|
||||||
|
|
||||||
|
When adding a policy to a project, the policy will be merged with the
|
||||||
|
project's existing policy. The policy is always specified in a
|
||||||
|
`google_iam_policy` data source and referencd from the project's
|
||||||
|
`policy_data` attribute.
|
||||||
|
|
||||||
|
## Example Usage
|
||||||
|
|
||||||
|
```js
|
||||||
|
resource "google_project" "my-project" {
|
||||||
|
id = "your-project-id"
|
||||||
|
policy_data = "${data.google_iam_policy.admin.policy}"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "google_iam_policy" "admin" {
|
||||||
|
binding {
|
||||||
|
role = "roles/storage.objectViewer"
|
||||||
|
members = [
|
||||||
|
"user:evandbrown@gmail.com",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Argument Reference
|
||||||
|
|
||||||
|
The following arguments are supported:
|
||||||
|
|
||||||
|
* `id` - (Required) The project ID.
|
||||||
|
Changing this forces a new project to be referenced.
|
||||||
|
|
||||||
|
* `policy` - (Optional) The `google_iam_policy` data source that represents
|
||||||
|
the IAM policy that will be applied to the project. The policy will be
|
||||||
|
merged with any existing policy applied to the project.
|
||||||
|
|
||||||
|
Changing this updates the policy.
|
||||||
|
|
||||||
|
Deleting this removes the policy, but leaves the original project policy
|
||||||
|
intact. If there are overlapping `binding` entries between the original
|
||||||
|
project policy and the data source policy, they will be removed.
|
||||||
|
|
||||||
|
## Attributes Reference
|
||||||
|
|
||||||
|
In addition to the arguments listed above, the following computed attributes are
|
||||||
|
exported:
|
||||||
|
|
||||||
|
* `name` - The name of the project.
|
||||||
|
|
||||||
|
* `number` - The numeric identifier of the project.
|
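Review bot: the Argument Reference documents the argument as `policy`, while the intro paragraph and the example both set `policy_data`; the documented name should match what the resource accepts, and the example's `${data.google_iam_policy.admin.policy}` should match the attribute the data source page exports (`policy_data`). The deletion paragraph describes a revocation and needs tightening: "they will be removed" has no clear referent, and as written, deleting the argument removes `binding` entries that already existed on the project whenever they overlap with the data source policy, which sits oddly beside "leaves the original project policy intact". Say that explicitly, and state next to "merged with any existing policy" that bindings added outside Terraform stay in place, so the data source is not the complete project policy. Minor: `referencd` should be `referenced`, and the example fence is tagged `js` although the content is Terraform configuration.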