terraform-provider-google/website/docs/r/google_organization_iam_custom_role.html.markdown
emily b1338b4ee7
Allow recreation of recently deleted project and org custom roles (#1681)
* undelete-update recently soft-deleted custom roles

* remove my TODO statements

* check values on soft-delete-recreate for custom role tests

* final fixes to make sure delete works; return read() when updating to 'create'

* check for non-404 errors for custom role get

* add warnings to custom roles docs
2018-09-10 11:36:16 -07:00


---
layout: "google"
page_title: "Google: google_organization_iam_custom_role"
sidebar_current: "docs-google-organization-iam-custom-role"
description: |-
Allows management of a customized Cloud IAM organization role.
---
# google\_organization\_iam\_custom\_role
Allows management of a customized Cloud IAM organization role. For more information see
[the official documentation](https://cloud.google.com/iam/docs/understanding-custom-roles)
and
[API](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).
~> **Warning:** Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise
from this and how roles are propagated. 1) Creating a role may involve undeleting and then updating a role with the
same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted
after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is
made available again. This means a role that has been deleted for more than 7 days cannot be changed at all
by Terraform, and new roles cannot share that name.
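The create path the warning describes, written out as an added Python model; this is not the provider's code. `RoleState` is a constructed stand-in for an `organizations.roles.get` response, and its `deleted_at` field is assumed to be tracked by the caller (the API only exposes the `deleted` flag), as are the sample permission lists.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Lifecycle windows stated in the resource docs: a soft-deleted role is purged
# after 7 days, and its role_id can stay reserved for up to 30 more days.
SOFT_DELETE_WINDOW = timedelta(days=7)
NAME_RESERVED_UNTIL = timedelta(days=37)


@dataclass
class RoleState:
    """Constructed stand-in for an organizations.roles.get response (assumption)."""
    name: str                              # organizations/{org_id}/roles/{role_id}
    permissions: List[str]
    deleted: bool = False
    deleted_at: Optional[datetime] = None  # assumed to be recorded by the caller


def plan_create(existing: Optional[RoleState], desired: List[str],
                now: datetime) -> List[Tuple[str, object]]:
    """Return the ordered operations a create must perform, or why it cannot.

    Each step carries the permission set that is live once it completes, so a
    reviewer can see that an undelete briefly restores the stale permissions
    before the update replaces them.
    """
    if existing is None:
        return [("create", desired)]
    if not existing.deleted:
        # Role already exists; the right fix is 'terraform import', not create.
        return [("error", "role already exists; import it instead")]
    age = now - existing.deleted_at
    if age <= SOFT_DELETE_WINDOW:
        steps: List[Tuple[str, object]] = [("undelete", existing.permissions)]
        if existing.permissions != desired:
            steps.append(("update", desired))
        return steps
    if age <= NAME_RESERVED_UNTIL:
        # Permanently deleted, but the role_id is not yet reusable.
        return [("error", "permanently deleted; role_id still reserved")]
    return [("create", desired)]
```

A `deleted_at` older than 37 days falls through to a plain create, matching the point at which the docs say the name becomes available again.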
## Example Usage
This snippet creates a customized IAM organization role.
```hcl
resource "google_organization_iam_custom_role" "my-custom-role" {
  role_id     = "myCustomRole"
  org_id      = "123456789"
  title       = "My Custom Role"
  description = "A description"
  permissions = ["iam.roles.list", "iam.roles.create", "iam.roles.delete"]
}
```
## Argument Reference
The following arguments are supported:
* `role_id` - (Required) The role id to use for this role.
* `org_id` - (Required) The numeric ID of the organization in which you want to create a custom role.
* `title` - (Required) A human-readable title for the role.
* `permissions` - (Required) The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
* `stage` - (Optional) The current launch stage of the role. Defaults to `GA`. List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
* `description` - (Optional) A human-readable description for the role.
* `deleted` - (Optional) The current deleted state of the role. Defaults to `false`.
## Import
Customized IAM organization roles can be imported using their URI, e.g.
```
$ terraform import google_organization_iam_custom_role.my-custom-role organizations/123456789/roles/myCustomRole
```