mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-03 08:42:39 +00:00
Add explanation for member field (#809)
This commit is contained in:
parent
79573e2469
commit
aff87e976c
|
@ -26,7 +26,7 @@ data "google_iam_policy" "admin" {
|
|||
role = "roles/storage.objectViewer"
|
||||
|
||||
members = [
|
||||
"user:evanbrown@google.com",
|
||||
"user:jane@example.com",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -53,11 +53,15 @@ each accept the following arguments:
|
|||
|
||||
* `role` (Required) - The role/permission that will be granted to the members.
|
||||
See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
|
||||
* `members` (Required) - An array of users/principals that will be granted
|
||||
the privilege in the `role`. For a human user, prefix the user's e-mail
|
||||
address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service
|
||||
account, prefix the service account e-mail address with `serviceAccount:`
|
||||
(e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`).
|
||||
|
||||
* `members` (Required) - An array of identites that will be granted the privilege in the `role`.
|
||||
Each entry can have one of the following values:
|
||||
* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
|
||||
* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
|
||||
* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
|
||||
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
|
||||
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
|
||||
* **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
|
|
|
@ -32,7 +32,14 @@ resource "google_project_iam_binding" "project" {
|
|||
|
||||
The following arguments are supported:
|
||||
|
||||
* `members` - (Required) A list of users that the role should apply to.
|
||||
* `members` (Required) - An array of identites that will be granted the privilege in the `role`.
|
||||
Each entry can have one of the following values:
|
||||
* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
|
||||
* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
|
||||
* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
|
||||
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
|
||||
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
|
||||
* **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
|
||||
|
||||
* `role` - (Required) The role that should be applied. Only one
|
||||
`google_project_iam_binding` can be used per role.
|
||||
|
|
|
@ -30,7 +30,14 @@ resource "google_project_iam_member" "project" {
|
|||
|
||||
The following arguments are supported:
|
||||
|
||||
* `member` - (Required) The user that the role should apply to.
|
||||
* `member` - (Required) The identity that will be granted the privilege in the `role`.
|
||||
This field can have one of the following values:
|
||||
* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
|
||||
* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
|
||||
* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
|
||||
* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
|
||||
* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
|
||||
* **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
|
||||
|
||||
* `role` - (Required) The role that should be applied.
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user