public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-09-17 00:29:57 +00:00
Code Issues Projects Releases Wiki Activity
5766f2b107
terraform-provider-google/website/docs/r/google_project_iam_binding.html.markdown
Nathan McKinley ced8cb506c
Consistent IAM resource imports. (#835) 
Add consistency for for IAM imports.
- Adds imports for projects, folders, crypto keys, organizations, and key rings.
- Anything else with IAM can implement a simple method and begin working immediately.
- Add tests for all the IAM imports.
- Import documentation for IAM resources.
2017-12-11 10:24:53 -08:00

2.4 KiB
Raw Blame History

layout page_title sidebar_current description
google Google: google_project_iam_binding docs-google-project-iam-binding Allows management of a single binding with an IAM policy for a Google Cloud Platform project.

google_project_iam_binding

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform project.

~> Note: This resource must not be used in conjunction with google_project_iam_policy or they will fight over what your policy should be.

Example Usage

resource "google_project_iam_binding" "project" {
  project = "your-project-id"
  role    = "roles/editor"

  members = [
    "user:jane@example.com",
  ]
}

Argument Reference

The following arguments are supported:

  • members (Required) - An array of identites that will be granted the privilege in the role. Each entry can have one of the following values:

    • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
    • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
    • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
    • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
    • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
    • domain:{domain}: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.

  • role - (Required) The role that should be applied. Only one google_project_iam_binding can be used per role.

  • project - (Optional) The project ID. If not specified, uses the ID of the project configured with the provider.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • etag - (Computed) The etag of the project's IAM policy.

Import

IAM binding imports use space-delimited identifiers; first the resource in question and then the role. These bindings can be imported using the project_id and role, e.g.

$ terraform import google_project_iam_binding.my_project "your-project-id roles/viewer"