From aff87e976c6e82086d23590ca2d5279f492cf290 Mon Sep 17 00:00:00 2001 From: Vincent Roseberry Date: Thu, 30 Nov 2017 09:10:24 -0800 Subject: [PATCH] Add explanation for member field (#809) --- website/docs/d/google_iam_policy.html.markdown | 16 ++++++++++------ .../r/google_project_iam_binding.html.markdown | 9 ++++++++- .../r/google_project_iam_member.html.markdown | 9 ++++++++- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/website/docs/d/google_iam_policy.html.markdown b/website/docs/d/google_iam_policy.html.markdown index fe0c4dca..8d263159 100644 --- a/website/docs/d/google_iam_policy.html.markdown +++ b/website/docs/d/google_iam_policy.html.markdown @@ -26,7 +26,7 @@ data "google_iam_policy" "admin" { role = "roles/storage.objectViewer" members = [ - "user:evanbrown@google.com", + "user:jane@example.com", ] } } @@ -53,11 +53,15 @@ each accept the following arguments: * `role` (Required) - The role/permission that will be granted to the members. See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles. -* `members` (Required) - An array of users/principals that will be granted - the privilege in the `role`. For a human user, prefix the user's e-mail - address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service - account, prefix the service account e-mail address with `serviceAccount:` - (e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`). + +* `members` (Required) - An array of identites that will be granted the privilege in the `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. ## Attributes Reference diff --git a/website/docs/r/google_project_iam_binding.html.markdown b/website/docs/r/google_project_iam_binding.html.markdown index b7916aa2..59a9c90e 100644 --- a/website/docs/r/google_project_iam_binding.html.markdown +++ b/website/docs/r/google_project_iam_binding.html.markdown @@ -32,7 +32,14 @@ resource "google_project_iam_binding" "project" { The following arguments are supported: -* `members` - (Required) A list of users that the role should apply to. +* `members` (Required) - An array of identites that will be granted the privilege in the `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. * `role` - (Required) The role that should be applied. Only one `google_project_iam_binding` can be used per role. diff --git a/website/docs/r/google_project_iam_member.html.markdown b/website/docs/r/google_project_iam_member.html.markdown index a9419f81..82b7b328 100644 --- a/website/docs/r/google_project_iam_member.html.markdown +++ b/website/docs/r/google_project_iam_member.html.markdown @@ -30,7 +30,14 @@ resource "google_project_iam_member" "project" { The following arguments are supported: -* `member` - (Required) The user that the role should apply to. +* `member` - (Required) The identity that will be granted the privilege in the `role`. + This field can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. * `role` - (Required) The role that should be applied.